Re: [squid-users] Problem with options tproxy in squid 3.0

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 06 Oct 2009 10:48:46 +1300

On Mon, 5 Oct 2009 21:51:15 +0200, "Roman" <roman_at_snaiper.net> wrote:
> I use Debian 5.0 with kernel 2.6.31 compiled with tproxy
> dmesg |grep TPROXY
>
> I downloaded and installed iptables from git.balabit.hu/bazsi
> I use current squid (version squid-3.HEAD-20090929) with options
> '--enable-linux-netfilter'
>
> I can't open web page from client.
>
> The following error was encountered while trying to retrieve the URL:
> http://www.whatismyip.com/
> Connection to 72.233.89.199 failed.
> The system returned: (110) Connection timed out
> The remote host or network may be down. Please try the request again.
> In the squid log I see
>
> 2009/10/02 01:39:32.709| PconnPool::key(www.whatismyip.com,80,(no
> domain),xxx.xxx.xxx.xxxis {www.whatismyip.com:80-xxx.xxx.xxx.xxx}
> 2009/10/02 01:39:32.709| PconnPool::pop: lookup for key
> {www.whatismyip.com:80-xxx.xxx.xxx.xxx} failed.
> 2009/10/02 01:39:32.709| FilledChecklist.cc(162) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0xbfaf5d38
> 2009/10/02 01:39:32.709| ACLChecklist::~ACLChecklist: destroyed
> 0xbfaf5d38
>
> What is the problem? Is it a problem in the kernel, iptables or squid?
> Please help!!!

1) Why are you bringing up code issues in squid-users instead of squid-dev?
- particularly for alpha code releases.

2) Exactly why are you pulling from Balabit?
- they only have experimental code available.
- their current code is _very_ untested with new IPv6 support only having 2
testers so far.

3) Have you followed up on all the possibilities mentioned at
http://wiki.squid-cache.org/Features/Tproxy4#Troubleshooting ?

4) Failure to find an existing persistent connection inside squid is not
unusual. Just means no connections are open yet.

Amos
Received on Mon Oct 05 2009 - 21:48:50 MDT
