Re: [squid-users] TCP_DENIED:NONE and Forwarding loop

From: Paul Bertain <paul@dont-contact.us>
Date: Wed, 5 Sep 2007 16:11:19 -0700

Hi Tek and Adrian,

I appreciate the suggestions. We have resolved our issue, which was
related to our custom-built Squid parent that was expecting ICP
connections only from the configured IP address of the Squid
(192.168.1.81). Squid is running on a host system with the IP
192.168.1.17 so we were using the following http_port command:

http_port 192.168.1.81:80

to force Squid to listen on a specified IP address on port 80 for any
connections. We tried to use the following command to get Squid to
make ICP connections from that same IP address:

icp_port 192.168.1.81:3130

but when Squid was trying to initiate an ICP to the Squid parent, it
was using the host system IP (192.168.1.17) instead of the icp_port
IP (192.168.1.81).

Based on that, is there a way to force Squid to initiate ICP
connections from a specific IP rather than the default/host IP address?

Thanks again,
Paul

On Sep 4, 2007, at 2:30 AM, Tek Bahadur Limbu wrote:

> Hi Paul,
>
> Paul Bertain wrote:
>> Hi All,
>> I am having a problem with our Squid hierarchy. I am getting
>> TCP_DENIED in the access.log and the cache.log shows a forwarding
>> loop detected. Here is the access.log entry:
>> 192.168.1.81 - - [03/Sep/2007:14:01:06 -0500] "GET http://
>> web.example.com/customers/mba HTTP/1.0" 403 1469 TCP_DENIED:NONE
>> 208.106.5.39 - - [03/Sep/2007:14:01:06 -0500] "GET http://
>> web.example.com/customers/mba HTTP/1.1" 403 1570 TCP_MISS:DIRECT
>> And here are the cache.log entries:
>> 2007/09/03 13:58:50| parseHttpRequest: NF getsockopt
>> (SO_ORIGINAL_DST) failed: (92) Protocol not available
>> 2007/09/03 14:00:20| parseHttpRequest: NF getsockopt
>> (SO_ORIGINAL_DST) failed: (92) Protocol not available
>> 2007/09/03 14:01:06| WARNING: Forwarding loop detected for:
>> Client: 192.168.1.81 http_port: 192.168.1 1.81:80
>> GET http://web.example.com/customers/mba HTTP/1.0
>> Accept: */*
>> Accept-Language: en
>> Accept-Encoding: gzip, deflate
>> User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en)
>> AppleWebKit/419.3 (KHTML, like Gecko) Safari/419.3
>> Host: web.accelerint.com
>> Via: 1.1 squid-1.example .com:80 (squid/2.5.STABLE14)
>> X-Forwarded-For: 208.106.5.39
>> Cache-Control: max-age=259200
>> Connection: keep-alive
>> I think our Squid parent is not responding so Squid goes direct to
>> source. Is there a way to ensure that Squid will not go to origin
>> even if the parent does not respond? We do DNS load-balancing so
>> when the Squid tries to go direct to source, I think that is where
>> our loop begins.
>
> Are you running Squid in transparent mode?
>
> Can you show us the output of: squid -v
>
>
> You can try to use the following directive:
>
> prefer_direct off
>
> In my opinion, this situation usually occurs if your parent squid
> cache has some kind of a relationship (possibly sibling) parameter
> to your squid cache in its squid.conf.
>
> Posting your squid.conf might help.
>
>
> Thanking you...
>
>
>
>> Thanks,
>> Paul
>
>
> --
>
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu
>
> System Administrator
>
> (TAG/TDG Group)
> Jwl Systems Department
>
> Worldlink Communications Pvt. Ltd.
>
> Jawalakhel, Nepal
>
> http://www.wlink.com.np
Received on Wed Sep 05 2007 - 17:11:24 MDT
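
Added example, not part of the original thread: a Python parser for the "Forwarding loop detected" blocks quoted above, which pulls out the client address, the listening address, and the Via chain so you can see whether the looping request came from the proxy's own address. The sample log is constructed to mirror the quoted one, and the function names are hypothetical.

```python
import re

# Constructed cache.log excerpt, modelled on the warning quoted in the thread.
SAMPLE_LOG = """\
2007/09/03 14:00:20| parseHttpRequest: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2007/09/03 14:01:06| WARNING: Forwarding loop detected for:
Client: 192.168.1.81 http_port: 192.168.1.81:80
GET http://web.example.com/customers/mba HTTP/1.0
Via: 1.1 squid-1.example.com:80 (squid/2.5.STABLE14)
X-Forwarded-For: 208.106.5.39
2007/09/03 14:02:10| WARNING: Forwarding loop detected for:
Client: 10.0.0.7 http_port: 192.168.1.81:80
GET http://web.example.com/ HTTP/1.0
Via: 1.0 edge.example.net:3128 (squid/2.5.STABLE14), 1.1 squid-1.example.com:80 (squid/2.5.STABLE14)
"""

STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\| ?(.*)$")
CLIENT = re.compile(r"^Client: (\S+) http_port: (\S+):(\d+)$")

def parse_loop_warnings(text):
    """Return one dict per 'Forwarding loop detected' block in cache.log text."""
    events, cur = [], None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:  # a timestamped line starts a new log record
            cur = None
            if "Forwarding loop detected" in m.group(1):
                cur = {"time": line[:19], "client": None, "listen_ip": None, "via": [], "xff": []}
                events.append(cur)
            continue
        if cur is None:
            continue  # header-like line that is not inside a loop warning
        c = CLIENT.match(line.strip())
        if c:
            cur["client"], cur["listen_ip"] = c.group(1), c.group(2)
            continue
        name, _, value = line.partition(":")
        if name.lower() == "via":
            # each hop is "<protocol-version> <received-by> [(comment)]"
            cur["via"] += [hop.split()[1] for hop in value.split(",") if len(hop.split()) > 1]
        elif name.lower() == "x-forwarded-for":
            cur["xff"] += [a.strip() for a in value.split(",")]
    return events

def classify(event):
    """'self' when the request arrived from the proxy's own listening address
    (the case in the thread's log), otherwise 'peer'."""
    return "self" if event["client"] == event["listen_ip"] else "peer"
```

A "self" result matches the situation in the quoted log, where the Client address and the http_port address are both 192.168.1.81.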