[squid-users] Squid unable to connect, but get TCP_MISS:DIRECT from J4K on 2011-11-21 (squid-users)

From: J4K <junk4_at_klunky.co.uk>
Date: Mon, 21 Nov 2011 12:55:19 +0100

Hi there,

I noticed one of the clients accessing the squid proxy is not fetching
the data,
10.254.66.142 - - [21/Nov/2011:12:49:01 +0100] "CONNECT
xmlrpc.rhn.redhat.com:443 HTTP/1.1" 200 6668 TCP_MISS:DIRECT
10.254.66.142 - - [21/Nov/2011:12:49:06 +0100] "CONNECT
xmlrpc.rhn.redhat.com:443 HTTP/1.1" 200 6583 TCP_MISS:DIRECT

Squid proxy can connect with this address so problem is not the firewall,
# telnet xmlrpc.rhn.redhat.com 443
Trying 209.132.183.44...
Connected to xmlrpc.rhn.redhat.com (209.132.183.44).
Escape character is '^]'.
^]

The squid.conf has the entry to allow 443,
acl SSL_ports port 443 563 22
acl Safe_ports port 443 563 22

I have an ACL specified for the subnet:
acl 10.254.66 src 10.254.66.0/22
http_access allow 10.254.66

Finally, the squid -v results,
# squid -v
Squid Cache: Version 2.6.STABLE21
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--exec_prefix=/usr' '--bindir=/usr/sbin'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-arp-acl'
'--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
'--with-openssl=/usr/kerberos' '--enable-delay-pools'
'--enable-linux-netfilter' '--with-pthreads'
'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge'
'--enable-useragent-log' '--enable-referer-log'
'--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost'
'--enable-underscores'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests' '--enable-ident-lookups'
'--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config'
'--with-maxfd=16384' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-D_FORTIFY_SOURCE=2 -fPIE
-Os -g -pipe -fsigned-char' 'LDFLAGS=-pie

I do get an ACL warning, but am unsure if its the reason the data is not
served.
aclParseIpData: WARNING: Netmask masks away part of the specified IP in
'10.254.66.0/22'

Does anyone know what I've missed?

Best regards.
Received on Mon Nov 21 2011 - 11:54:45 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 22 2011 - 12:00:03 MST