Re: [squid-users] Problem with Varnish and intercept Squid

From: Amos Jeffries <>
Date: Sat, 03 Dec 2011 22:08:25 +1300

On 3/12/2011 9:38 p.m., Nguyen Hai Nam wrote:
> Hi,
> Now, I'd like to have additional Varnish as a cache agent in front of
> intercept Squid 3.2 (built successfully before).
> Varnish was built with default setting and start up script:
> # ./varnishd -a -b -s malloc,512M
> Varnish will listen at tcp port 8080 first, if the cache is MISS it
> passes to squid to contact the origin server.
> But Squid don't understand and return error:
> BUG: Orphan Comm::Connection: local=
> remote= FD 13 flags=33

Squid does not return this text to Varnish in any form. It is the Squid
log message indicating that something inside Squid failed to close that
connection properly, or failed to keep a reference to it.

Please check that you are running the latest daily bug fixed verison of
Squid. We are in the process of fixing many quite big problems there
this month.

> So, varnish return Error 503 Service Unavailable. What's wrong with
> squid in this case?

You say Squid is an intercepting proxy. If that Varnish traffic is being
sent directly to the Squid interception port it will fail the NAT
interception validation and be rejected by Squid-3.2.

It is highly important to have separate ports in Squid-3 for receiving
forward-proxy traffic (ie from Varnish) and interception traffic (from
NAT or TPROXY kernel modules).

Received on Sat Dec 03 2011 - 09:08:41 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 03 2011 - 12:00:02 MST