RE: [squid-users] Getting Connection Refused When Multiple Interfaces Enabled

From: Liam Campbell <LCampbell_at_primehealthcare.com>
Date: Wed, 29 Apr 2009 10:29:34 -0700

I don't believe I have anything other than the selinux-libs installed,
don't think there is anything running related to them though.
Here are the settings you were asking about:
http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 172.16.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

I'm wondering if this may be a driver issue; I have three NICs in this
machine and they are all using the same driver. May be nothing, but I am
looking into that as well.

Liam Campbell, Computer Tech
Desert Valley Hospital
16850 Bear Valley Road
Victorville, CA 92392
(760) 241-8000 x 8727

"Patience is the companion of wisdom."
-- Saint Augustine

-----Original Message-----

From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Wednesday, April 29, 2009 2:13 AM
To: Liam Campbell
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Getting Connection Refused When Multiple
Interfaces Enabled

Liam Campbell wrote:
> Let me explain my setup before I go into any details
>
> I have a squid proxy with network A(192.168.1.0) connecting through
> eth1 and network B(172.16.29.0) connecting through eth2.
> the Interface going out to the internet is eth0. The Proxy had been
> working just fine when only network A was connected however I needed
> to add network B to the mix. Installed the card, added new network to
> the acl and brought the interface up. Now when I try connecting to
> anything with my client machines on either network I either get
> Connection Refused(error received from squid) or the Connection Times
> out. When I drop eth2 so network B is no longer connected network A is
> again able to connect. So my question is what would be causing this
> and how can I fix/get around it. At the moment I have no iptables
> rules in effect. I have Squid 3.0 installed.
>

I reflexively think ... With what settings?
   http_port
   acl
   http_access

But on re-reading, you may be having issues with routing. Check that the
IPs assigned to the interfaces, and the routes, particularly the default
route, are not being affected.

Do requests sent through NIC B get to the Internet properly? Sounds a
bit like that is being attempted somehow.

Also, maybe the router for network 192.168.*.* is firewalling 172.*.*.*
outside your box. If squid is somehow grabbing one of those IPs from the
system on send that could be an issue.

Also, on the rare chance, do you have SELinux or something doing nasty
magic behind your back?

Amos

--
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Wed Apr 29 2009 - 17:29:49 MDT
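
The routing check suggested in the reply above, as an added example that is not part of the original thread or of Squid itself: it reads `ip -4 route show` output and flags any default route that does not leave through the Internet-facing interface. The function name, the gateway addresses and both sample routing tables are constructed for illustration; only the interface names and the two internal networks come from the thread.

```sh
#!/bin/sh
# Usage on a live box:  ip -4 route show | check_default_routes eth0
# Returns 0 only when exactly one default route exists and it uses WAN_IF.
check_default_routes() {
    wan_if=$1
    awk -v wan="$wan_if" '
        $1 == "default" {
            dev = ""; gw = "-"
            for (i = 2; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") gw = $(i + 1)
            }
            n++
            if (dev == wan) {
                printf "ok   default via %s dev %s\n", gw, dev
            } else {
                bad++
                printf "BAD  default via %s dev %s (expected %s)\n", gw, dev, wan
            }
        }
        END {
            if (n == 0) { print "BAD  no default route"; exit 1 }
            if (n > 1) print "WARN " n " default routes present"
            exit ((bad > 0 || n != 1) ? 1 : 0)
        }'
}

# Constructed sample: routing table with only eth0 and eth1 up.
ROUTES_ETH2_DOWN='default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'

# Constructed sample: bringing up eth2 installed a second default route
# (for example from a GATEWAY= line or DHCP on the new interface).
ROUTES_ETH2_UP='default via 172.16.29.1 dev eth2
default via 203.0.113.1 dev eth0 metric 100
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
172.16.29.0/24 dev eth2 proto kernel scope link src 172.16.29.2'

echo "eth2 down:"; printf '%s\n' "$ROUTES_ETH2_DOWN" | check_default_routes eth0 || true
echo "eth2 up:";   printf '%s\n' "$ROUTES_ETH2_UP"   | check_default_routes eth0 || true
```

If the second table matches what the box shows with eth2 up, Squid's outbound requests would follow the new default route into network B instead of out eth0, which fits the symptom of both networks failing until eth2 is dropped.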
