[squid-users] Unable to access a device over port 4434

Amos Jeffries squid3 at treenet.co.nz
Fri Oct 11 01:25:21 UTC 2024 

On 11/10/24 07:21, Piana, Josh wrote:
> Hello Matus,
> 
> I apologize, I was unable to read any of the links that were responded with because our environment appended the " eur02.safelinks.protection.outlook.com..." Outlook protection. Did you see that as well on your side? When I did click the links to view them is just stated as failed.
> 
> What I gather from what you said was that, it's not likely Squid is the issue. Even when we bypass Squid it does work. FWIW, it's possible that there is some other network problem coming into play here on our side. Though I did try to verify there's now blockages from the firewall, the networks, the traffic, etc.


FTR; the critical detail in what Matus wrote was that the "wget" (or 
curl if you prefer) connection test **must** be performed
  A) on the Squid machine,
  B) using the same low-privileges user account that Squid runs with,
  D) to the same server IP address Squid is trying to contact.

That ensures the TCP connection privileges are as close to identical to 
what Squid is doing.

Running it from another machine and/or user account may encounter 
different firewall or routing behaviour that hides the real issue.

If that test provides a successful TCP connection, *and* HTTP response 
message the next step is to


Also, FYI; your custom change to the timestamp has somehow lost the 
"duration" value, so I/we cannot tell if this was a probable TCP FIN/RST 
(hint of firewall problem) or a SYN+ACK timeout (hint of routing problem).


HTH
Amos




> 
> I suppose from here I'll try to troubleshoot other things.
> 
> Alternatively, do you think I should try to create an ACL which bypasses any filters or rules to that network?
> 
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Matus UHLAR - fantomas
> Sent: Thursday, October 10, 2024 3:21 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Unable to access a device over port 4434
> 
> Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> 
> 
> On 09.10.24 19:59, Piana, Josh wrote:
>> I'm running into an issue wherein, when using Squid proxy, I'm unable to get to one of our management devices from port 4434.
>>
>> I've already verified that this device is not blocking access from the proxy directly, and should be allowed to get to the access page.
>>
>> -          When reviewing the access logs, I can see that we're running into a generic 503 error
>>
>> -          When browsing to this page, it will attempt to load for about 30 seconds, and then fail
>>
>> -          The webpage response is a generic "The system returned: (110) Connection timed out"
>>
>> -          When we forgo the proxy, we can access it without an issue
>>
>> This device is located on a 172.0.0.0/8 internal network.
>>
>> -          Other devices which do NOT use this port are accessible
>>
>> -          Changing the access port is not an option (not up to me)
>>
>> Access Log entry:
>> 09/Oct/2024:15:54:21 -0400.758 10.46.49.190 TCP_MISS/503 4448 GET
>> http://172.0.0.27/
>> .46.253%3A4434%2F&data=05%7C02%7Cjosh.piana%40hexcel.com%7Cad6b9a6df5da
>> 44a2b73508dce8fc1971%7C4248050df19546d5ac9c0c7c52b04cae%7C0%7C0%7C63864
>> 1416681623895%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM
>> zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=G%2FrqNK0o%2Bdk0ia
>> zrnMhbyTvL0RmZAK27lulhMBhPMDU%3D&reserved=0 jpiana \
>> HIER_DIRECT/172.27.46.253 text/html ERR_CONNECT_FAIL/WITH_SERVER
> 
> 
> I guess the correct URL is: http://172.27.46.253:4434/jpiana
> 
> have you tried running following directly from the squid machine?
> 
> wget -Y off http://172.27.46.253:4434/jpiana
> 
> 
> Because ERR_CONNECT_FAIL/WITH_SERVER and "Connection timed out" both say that the squid was unable to open connection to server.
> 
> which is not a squid issue but network connection issue.
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> LSD will make your ECS screen display 16.7 million colors _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list