[squid-users] OT netstat O/p in presence of IPCHAINS

From: khiz code <khizcode@dont-contact.us>
Date: Mon, 27 Aug 2001 21:54:09 -0700 (PDT)

Hi all,
This is basically an OT question, but one which will greatly help me in my
Squid installation.

I have a Squid box on Linux 2.2.19 having IP say 202.120.100.1
acting as a transparent cache using IPCHAINS:
ipchains -A input -p tcp -d 0/0 80 -j REDIRECT 3128

All port destined traffic is redirected to the Squid box using a route
map on a router. The traffic being directed belongs to the pool say
202.100.10.0/24.
Now under traffic conditions I get the following netstat O/P:

tcp 0 192 204.198.135.72:80 202.100.10.22:1091 FIN_WAIT1
tcp 0 854 135.60.37.38:80 202.100.10.12:4246 FIN_WAIT1
tcp 0 854 217.90.104.42:80 202.100.10.10:56626 FIN_WAIT1
tcp 0 854 135.102.180.79:80 202.100.10.10:55649 FIN_WAIT1
tcp 0 242 216.32.182.251:80 202.100.10.10:18335 FIN_WAIT1
tcp 0 1 216.239.33.100:80 202.100.10.3:14402 FIN_WAIT1

What is confusing me is that under the local socket column I am getting
the IP addresses of remote websites, whereas the foreign address column
is showing the IPs of clients who are being redirected to the box.
Since it is the Squid box which is initiating the connections on behalf
of the client, shouldn't its IP show up in the local socket column?

Most of the entries are of the above FIN_WAIT1 type.
Also I get a lot of SYN_RCVD entries of the following format:
100.19.24.227:3128 202.140.137.10:59034 SYN_RECV
tcp 0 0 135.201.165.183:3128 202.100.10.10:59075 SYN_RECV
tcp 0 0 135.32.178.37:3128 202.100.10.10:58968 SYN_RECV
tcp 0 0 91.144.247.199:3128 202.100.10.10:58967 SYN_RECV
tcp 0 0 135.166.73.83:3128 202.100.10.12:2691 SYN_RECV

Lots of these SYN entries, which are basically bogging down Squid from
accepting further connections... and it can't be a DoS attack because
these IPs belong to our clients and there are no complaints at all!!!

Only a few entries show the Squid IP in the local socket column.
Is there some problem with my setup?

It seems that Squid is not able to complete the TCP handshake with the
clients.
Hope you friendly folks have an answer.
Regards,
khizcode

Received on Mon Aug 27 2001 - 22:54:11 MDT
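
A triage helper for netstat output like the one quoted in this message, as an added example that is not part of the original post: it reads each TCP entry whether or not the state column has wrapped onto the next line, tallies sockets by local port and state, counts how many carry the box's own IP (202.120.100.1 in the post) as local address, and lists clients holding several half-open (SYN_RECV) sockets. The function names, the `half_open_limit` threshold and the last sample line are assumptions made for the example.

```python
import re
from collections import Counter

BOX_IP = "202.120.100.1"  # the Squid box address given in the post

# Constructed sample: the first three entries are copied from the post (state
# wrapped onto its own line), the last one is invented to show a socket whose
# local address is the box itself.
SAMPLE = """\
tcp 0 192 204.198.135.72:80 202.100.10.22:1091
FIN_WAIT1
tcp 0 0 135.201.165.183:3128 202.100.10.10:59075
SYN_RECV
tcp 0 0 135.32.178.37:3128 202.100.10.10:58968
SYN_RECV
tcp 0 0 202.120.100.1:3128 202.100.10.3:14402 ESTABLISHED
"""

# \s+ also matches newlines, so an entry whose state wrapped onto the next
# line is still read as one record. Columns: proto Recv-Q Send-Q local foreign state.
ENTRY = re.compile(
    r"tcp\s+(\d+)\s+(\d+)\s+(\d+(?:\.\d+){3}):(\d+)\s+"
    r"(\d+(?:\.\d+){3}):(\d+)\s+([A-Z][A-Z_0-9]+)"
)

def parse(text):
    """Yield one dict per TCP socket found in `netstat -n` style output."""
    for m in ENTRY.finditer(text):
        _recvq, sendq, lip, lport, fip, _fport, state = m.groups()
        yield {"sendq": int(sendq), "local_ip": lip, "local_port": int(lport),
               "client": fip, "state": state}

def summarize(text, box_ip=BOX_IP, half_open_limit=2):
    """Tally sockets by (local port, state) and flag clients with many SYN_RECV."""
    socks = list(parse(text))
    half_open = Counter(s["client"] for s in socks if s["state"] == "SYN_RECV")
    return {
        "total": len(socks),
        "by_port_state": dict(Counter((s["local_port"], s["state"]) for s in socks)),
        "local_is_box": sum(s["local_ip"] == box_ip for s in socks),
        "local_not_box": sum(s["local_ip"] != box_ip for s in socks),
        "noisy_clients": sorted(c for c, n in half_open.items() if n >= half_open_limit),
        "unsent_bytes_fin_wait1": sum(s["sendq"] for s in socks if s["state"] == "FIN_WAIT1"),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```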

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:56 MST