Look again at the addresses.
1. The ICMP messages are generated by the Linux/Squid box, not the
origin server.
2. The destination is the client, not the Linux/Squid box.
3. ICMP Port unreachable is normally only generated on UDP messages. TCP
should generate a TCP RESET and not a ICMP port unreachable. Routers
generates host unreachable when there is no route to the destinaiton.
4. Only exception to 3 above I know of is Linux packet filtering which
generates port unreachable when a packet is filtered with a reject rule.
5. Port unreachable is only valid if generated by the destination host,
and may not be generated by gateways/routers.
To me it very much looks like a Linux firewalling / transparent proxy
bug/misfeature or incorrect Linux firewall ruleset.
It may also be a unpleasant sideeffect of running tcpdump without using
the -p option (-p disables the use of promiscous mode, which has some
unpleasant sideffects to what traffic is received by the packet
filters..). My recommendation to people using tcpdump is to use it from
a separate host on the same network segment (use a hub to get the
tcpdump monitor host into the desired path if it is a fully switched
network).
-- Henrik Nordstrom Spare time Squid hacker Irfan Akber wrote: > > This shows that port 80 is unreachable and the system responded with > unreachable message. > > From: Henrique Pantarotto <scanner@cepa.com.br> > > 17:29:15.094150 200.231.197.10 > 200.231.148.156: icmp: 200.240.10.51 tcp > > port 80 unreachable [tos 0xc0] > > 17:29:24.354342 200.231.197.10 > 200.231.148.158: icmp: 200.245.232.12 > tcp > > port 80 unreachable [tos 0xc0] > > > > 200.231.197.10 is the Linux/Squid box > > 200.231.148.156 and .158 are my dial-in user > > 200.240.10.51 and 200.245.232.12 are the destination web server (the site > > the user is probably visiting)Received on Wed May 12 1999 - 11:01:52 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:16 MST