RE: [squid-users] TCP MISS 503

From: David LE GOUPIL <dlegoupil@dont-contact.us>
Date: Wed, 31 Aug 2005 16:30:48 +0300

My iptables rules:
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -p tcp --sport 20 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 8443 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -p tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT

eth0 is my internet interface

But any idea what the "503" means?

-----Original Message-----
From: Ronny [mailto:ronny@spacenet.co.ug]
Sent: mercredi 31 août 2005 15:45
To: David LE GOUPIL
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] TCP MISS 503

What does your iptables interception rule look like? Did you try
intercepting tcp--->80 only? Seems you are doing it for all (port 3128 for
any protocols), which might be the problem!
Ronny

David LE GOUPIL wrote:

>Hello,
>
>I have a LAN connected to the internet through an iptables firewall with
>squid (port 3128 for any protocols)
>
>On my internet browser (workstation), I obtain this
>
> En essayant de charger l'URL : ftp://ftp.kernel.org/pub/
> L'erreur suivante a été rencontrée :
> . La connexion a échoué
> Le système a retourné :
> (13) Permission denied
>
>In my access.log, I have this message:
>
> 237 192.168.0.59 TCP_MISS/503 1564 GET ftp://ftp.kernel.org/pub/ - NONE/- text/html
>
>I have the same message when I try to make an SSL connection.
>In my firewall's log I cannot see any significant DROP.
>
>What is the reason for a TCP_MISS/503?
>
>David,

-- 
***************************************************************************
  / ''We can't become what we need to be by remaining what we are''\
  \ ,,                                                           ,,/
***************************************************************************
Received on Wed Aug 31 2005 - 07:26:24 MDT
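
Added example, not part of the original thread: a small offline evaluator for the rule set posted above, showing which connections on eth0 those rules accept for a given conntrack state. It models only the chain, protocol, state and port matches; interface matching is ignored, and the chain policy and any other rules are not shown in the message, so a result of None means only "not accepted by these twelve rules".

```python
import shlex

# Rules as posted in the message above, with the e-mail line wraps rejoined.
RULES = """\
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -p tcp --sport 20 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 8443 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -p tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -p tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT
"""

def parse_port(spec):
    """'80' -> (80, 80); '1024:65535' -> (1024, 65535); absent -> any port."""
    lo, _, hi = (spec or "0:65535").partition(":")
    return int(lo), int(hi or lo)

def parse_rule(line):
    """Extract the match fields this example models from one 'iptables -A' line."""
    tok = shlex.split(line)
    opt = {tok[i]: tok[i + 1] for i in range(1, len(tok) - 1) if tok[i].startswith("-")}
    return {"chain": opt["-A"], "proto": opt.get("-p"), "target": opt["-j"],
            "states": set(filter(None, opt.get("--state", "").split(","))),
            "sport": parse_port(opt.get("--sport")),
            "dport": parse_port(opt.get("--dport"))}

def verdict(rules, chain, proto, state, sport, dport):
    """Target of the first matching rule, or None if none of the rules match."""
    for r in rules:
        if (r["chain"] == chain and r["proto"] in (None, proto)
                and (not r["states"] or state in r["states"])
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]):
            return r["target"]
    return None

PARSED = [parse_rule(line) for line in RULES.splitlines() if line.strip()]

if __name__ == "__main__":
    # Constructed probes: FTP control, then a high-port data connection seen
    # as NEW versus RELATED (RELATED requires the conntrack FTP helper).
    for probe in [("OUTPUT", "tcp", "NEW", 40000, 21),
                  ("OUTPUT", "tcp", "NEW", 40000, 50000),
                  ("OUTPUT", "tcp", "RELATED", 40000, 50000)]:
        print(probe, "->", verdict(PARSED, *probe))
```

The second and third probes differ only in conntrack state: a passive-mode FTP data connection from the proxy host is accepted by these rules only when the kernel's FTP connection-tracking helper has marked it RELATED.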
