Re: [squid-users] Caching issue with http_port when running in transparent mode

From: Hans Musil <hans.musil_at_gmx.de>
Date: Mon, 28 May 2012 23:14:42 +0200

Hey Eliezer,

yes, Squid is running on my gateway machine.

Thanks a lot. You really did give me a great hint for understanding what's happening on my machines. Especially, now I see that my problem is not caused by Squid, but by my lack of understanding TCP. ;-(

Thanks again

Hans

-------- Original Message --------
> Date: Mon, 28 May 2012 23:13:23 +0300
> From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Caching issue with http_port when running in transparent mode

> hey there Hans,
>
> are you serving squid on the same machine as the gateway is? (wasn't sure
> about the DNAT).
> your problem is not directly related to squid but to the way that tcp
> and browsers work.
> for every connection that the client browser uses there exists a tcp window
> that stays alive for a period of time after the page was served.
> this will cause all the connections that were served using port 3128
> to still exist for i think 5 till 10 more minutes or whatever is your
> tcp stack settings.
> if you want to understand it you can install iptstate and it will give
> you a top like view of iptables list of connections and their states.
> also you can use the conntrack tools (with -F option) to flush\view the
> connections.
> if you will flush the connections using "conntrack -F" you will see that
> the connection is served on the 3129 port.
>
> Regards,
> Eliezer
>
>
> On 28/05/2012 22:34, Hans Musil wrote:
> > Hi,
> >
> > my box is running on Debian Squeeze, which uses SQUID version 2.7.STABLE9, but my problem also seems to affect SQUID version 3.1.
> >
> > These are the important lines from my squid.conf:
> >
> > http_port 3128 transparent
> > http_port 3129 transparent
> > url_rewrite_program /etc/squid/url_rewrite.php
> >
> >
> > First, I did configure my Linux iptables like this:
> >
> > # Generated by iptables-save v1.4.8 on Mon May 28 21:04:09 2012
> > *nat
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.17.0.1:3128
> > COMMIT
> >
> > and everything works fine.
> >
> > But when I change the redirect port in the iptables settings from 3128 to 3129, Squid behaves strangely: My URL rewrite program still gets sent myport=3128, although there is definitely no more request on this port, but only on 3129. This only affects HTTP domains that already have been requested before, i.e. with redirection to port 3128, and it works fine again when I do a force-reload on my browser. Also, things turn well when waiting some minutes.
> >
> > I suppose there is some strange caching inside Squid that maps the HTTP domain to an incoming port.
> >
> > Could anybody help with some workaround?
> >
> > Thanks in advance.
> >
> > Hans
>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il

Received on Mon May 28 2012 - 21:14:53 MDT
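
The behaviour discussed in this thread can be confirmed from the connection-tracking table before flushing it. The following is an added example, not part of the original messages: netfilter consults the nat table only for the first packet of a connection, so flows tracked before the rule change keep their DNAT to port 3128. The function name `stale_dnat_flows` and the sample lines are constructed for illustration; on the gateway you would pipe `conntrack -L -p tcp` into the function instead.

```shell
#!/bin/sh
# Constructed sample in the format printed by `conntrack -L -p tcp`
# (all addresses except 10.17.0.1 are made up for this example).
SAMPLE='tcp      6 431992 ESTABLISHED src=10.17.0.23 dst=192.0.2.10 sport=51234 dport=80 src=10.17.0.1 dst=10.17.0.23 sport=3128 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431997 ESTABLISHED src=10.17.0.23 dst=192.0.2.20 sport=51240 dport=80 src=10.17.0.1 dst=10.17.0.23 sport=3129 dport=51240 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=10.17.0.42 dst=192.0.2.10 sport=40022 dport=80 src=10.17.0.1 dst=10.17.0.42 sport=3128 dport=40022 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=10.17.0.23 dst=10.17.0.1 sport=51300 dport=22 src=10.17.0.1 dst=10.17.0.23 sport=22 dport=51300 [ASSURED] mark=0 use=1'

# stale_dnat_flows PORT (hypothetical helper): read conntrack -L lines on
# stdin and print "client:sport -> origdst:dport STATE TIMEOUTs" for every
# TCP flow that was aimed at port 80 but whose reply tuple comes from PORT,
# i.e. a flow that is still DNATed to the old Squid port.
stale_dnat_flows() {
    awk -v old="$1" '
    $1 == "tcp" {
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   { n++; src[n] = substr($i, 5) }
            if ($i ~ /^dst=/)   { dst[n] = substr($i, 5) }
            if ($i ~ /^sport=/) { sp[n] = substr($i, 7) }
            if ($i ~ /^dport=/) { dp[n] = substr($i, 7) }
        }
        # Tuple 1 is the original direction, tuple 2 the reply direction.
        if (n == 2 && dp[1] == "80" && sp[2] == old)
            printf "%s:%s -> %s:%s %s %ss\n", src[1], sp[1], dst[1], dp[1], $4, $3
    }'
}

# Flows still mapped to the old redirect port in the constructed sample.
printf '%s\n' "$SAMPLE" | stale_dnat_flows 3128
```
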

This archive was generated by hypermail 2.2.0 : Tue May 29 2012 - 12:00:05 MDT