[squid-users] Zero Sized Reply - something to try on FreeBSD - FAQ update requested

From: David Landgren <david@dont-contact.us>
Date: Thu, 24 Feb 2005 16:15:42 +0100

Hello list,

I've just spent the better part of three hours up to my ears in packet
traces, squid debugging, reconfiguring, upgrading from -STABLE5 to
-STABLE8 and firewall tweaking.

I was getting "Zero Sized Reply" on a specific page of a website (within
an authenticated realm). All the usual recipes got me nowhere. And the
firewall was showing odd behaviour: I was getting connection rejects on
a high port of the natted address of the Squid box, coming from source
port 80 of the remote host I was making the connections to. And no
amount of nat tweaks or changes to the ruleset would make the page work.

Then, after staring at the FAQ (section 11.51) for the seventeenth time,
I finally began to comprehend the words I was reading ;o)

     "Disable any advanced TCP features on the Squid system"

And then dim memories of hardening the box back in Jan 2003 rose to the
surface. In /etc/sysctl.conf I had the following setting:

     net.inet.tcp.blackhole=2

Sure enough, deactivating this parameter by running the command

     /sbin/sysctl net.inet.tcp.blackhole=0

... fixed the problem immediately. Didn't even have to restart squid. If
someone could update the FAQ with this information it might possibly
save someone else grief.

Thanks,
David
Received on Thu Feb 24 2005 - 08:15:46 MST
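
A check for the setting described in the message above, added here as an example and not part of the original post or of Squid: it reports what a sysctl.conf-style file would set for net.inet.tcp.blackhole and, on a host that has that OID, the running value. The function names are hypothetical, and stripping trailing "#" comments is an assumption about how the file is written.

```sh
#!/bin/sh
# Added example (not from the original post): audit net.inet.tcp.blackhole.
OID="net.inet.tcp.blackhole"

# Print the value a sysctl.conf-style file would leave in effect for $OID.
# Comments and blank lines are ignored; the last assignment wins.
# Prints nothing when the file never sets the OID.
conf_value() {
    sed -e 's/#.*$//' "$1" | awk -F= -v oid="$OID" '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == oid { v = $2 }
        END { if (v != "") print v }'
}

# Classify a value. Per blackhole(4): 0 answers closed ports with RST
# (the default); 1 drops SYNs to closed ports; 2 drops every segment
# sent to a closed port.
classify() {
    case "$1" in
        ""|0) echo "ok" ;;
        1|2)  echo "blackhole" ;;
        *)    echo "unknown" ;;
    esac
}

# Report the persisted setting and, where the OID exists (FreeBSD), the
# live one. Returns 0 only when the file leaves the OID unset or at 0.
audit_blackhole() {
    file=$1
    persisted=$(conf_value "$file")
    status=$(classify "$persisted")
    echo "$file: $OID=${persisted:-unset} ($status)"
    if live=$(sysctl -n "$OID" 2>/dev/null); then
        echo "running kernel: $OID=$live ($(classify "$live"))"
    fi
    [ "$status" = "ok" ]
}

# Usage on the Squid host: audit_blackhole /etc/sysctl.conf
```

A non-zero return means the file will re-apply the blackhole setting at the next boot even if it was cleared at runtime with sysctl.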
