Re: [squid-users] Cannot connect to Squid's default port

From: Marcello Romani <mromani@dont-contact.us>
Date: Fri, 29 Jun 2007 17:02:31 +0200

Reid ha scritto:
> These are the results of running the commands. Does it look like there is anything that could be
> interfering with port 3128 connections?
>
> --------------------------------------------------------------------
>> iptables-save
> # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007
> *nat
> :PREROUTING ACCEPT [525278:45243592]
> :POSTROUTING ACCEPT [420:38931]
> :OUTPUT ACCEPT [420:38931]
> COMMIT
> # Completed on Thu Jun 28 15:32:38 2007
> # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007
> *mangle
> :PREROUTING ACCEPT [702539:100216603]
> :INPUT ACCEPT [211958:57721156]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [76059:28676083]
> :POSTROUTING ACCEPT [76059:28676083]
> COMMIT
> # Completed on Thu Jun 28 15:32:38 2007
> # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007
> *filter
> :INPUT ACCEPT [535723:156552090]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [177395:71003870]
> COMMIT
> # Completed on Thu Jun 28 15:32:38 2007
> --------------------------------------------------------------------
>> iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> --------------------------------------------------------------------
>> iptables -n -L INPUT
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> --------------------------------------------------------------------
>> telnet #.#.#.# 3128 [FROM CLIENT]
> Could not open connection to host on port 3128. Connection failed
> --------------------------------------------------------------------
> tcpdump -n -i any port 3128
> WARNING: Promiscuous mode not support on the "any" device
> --------------------------------------------------------------------
>
>
>>> Could you advise of how I can determine if there is some firewall running?
>> To check if there is a local firewall running:
>>
>> iptables-save
>>
>> To check if there is a firewall between the client and the Squid server:
>>
>> run "tcpdump -n -i any port 3128" on the Squid server, then on a client
>> run "telnet ip.of.squid.server 3128".
>>
>> Regards
>> Henrik
>>
>
>
>
>
> ____________________________________________________________________________________
> Be a PS3 game guru.
> Get your game face on with the latest PS3 news and previews at Yahoo! Games.
> http://videogames.yahoo.com/platform?platform=120121
>
>

It seems you firewall is totally "open", i.e. it doesn't have anything
that could interfere with any daemon.

That "Connection failed" message puzzles me: if I try to telnet a linux
host from another linux host to a port that I know for sure it's closed,
it tells me "Connectoin refused".
So either we are using different telnet clients (mine is run under
gentoo linux) or there is something very strange goning on...

Have you tried to make squid listen only on the 3128 port ?
Maybe you could start from there and then enable one other port at a time...

(just writing thoughts as they pop off my head :)

-- 
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com
Received on Fri Jun 29 2007 - 09:02:27 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:05 MDT