[squid-users] RE: Connection reset by peer

Hi All,

Further to this, I have rolled back to Squid 3.1.23 and there appears to be no issue, the website works fine.

Is anyone else having similar issues with Squid 3.3.x ?

Cheers, John.

> -----Original Message-----
> From: John Kenyon
> Sent: Wednesday, 9 October 2013 8:42 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Connection reset by peer
>
> Hi All,
>
> Hope someone can shed some light on a problem I am experiencing... I can
> reproduce a "(104) Connection reset by peer" error consistently on a certain
> website when trying to login.
>
> When the 502 bad gateway issue appears it looks like there is a missing FIN
> packet.
>
> I can access this site fine behind our company firewall, just have a problem
> when using squid proxy... here is a bit more info:
>
> Relevant lines in Squid access.log
>
> 1381271050.480 424 192.168.0.25 TCP_MISS/200 414 POST
> http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_login -
> HIER_DIRECT/66.151.79.155 text/html
> 1381271050.838 297 192.168.0.25 TCP_MISS/502 3710 GET
> http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_redirect? -
> HIER_DIRECT/66.151.79.155 text/html
>
> Here is a tcpdump:
>
> # tcpdump -i eth0 dst 66.151.79.155
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 16:53:53.462042 IP proxyserver.33784 > 66.151.79.155.http: S
> 264441315:264441315(0) win 5840 <mss 1460,sackOK,timestamp 447447258
> 0,nop,wscale 8>
> 16:53:53.665606 IP proxyserver.33784 > 66.151.79.155.http: . ack 258927824
> win 23 <nop,nop,timestamp 447447462 0>
> 16:53:53.666037 IP proxyserver.33784 > 66.151.79.155.http: P 0:636(636) ack 1
> win 23 <nop,nop,timestamp 447447462 0>
> 16:53:53.666217 IP proxyserver.33784 > 66.151.79.155.http: P 636:711(75) ack
> 1 win 23 <nop,nop,timestamp 447447462 0>
> 16:53:53.903639 IP proxyserver.33784 > 66.151.79.155.http: . ack 327 win 27
> <nop,nop,timestamp 447447700 4801001>
> 16:53:54.028623 IP proxyserver.33784 > 66.151.79.155.http: P 711:1363(652)
> ack 327 win 27 <nop,nop,timestamp 447447825 4801001>
>
> # tcpdump -i eth0 src 66.151.79.155
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 16:55:17.007426 IP 66.151.79.155.http > proxyserver.34334: S
> 2581779361:2581779361(0) ack 350474126 win 16384 <mss 1380,nop,wscale
> 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
> 16:55:17.225169 IP 66.151.79.155.http > proxyserver.34334: . ack 714 win
> 64822 <nop,nop,timestamp 4801834 447530601>
> 16:55:26.115901 IP 66.151.79.155.http > proxyserver.34334: P 1:327(326) ack
> 714 win 64822 <nop,nop,timestamp 4801924 447530601>
> 16:55:26.552923 IP 66.151.79.155.http > proxyserver.34334: . ack 1366 win
> 64170 <nop,nop,timestamp 4801928 447540018>
> 16:55:26.943813 IP 66.151.79.155.http > proxyserver.34334: R 327:327(0) ack
> 1366 win 0
>
> Squid Cache: Version 3.3.9
> configure options: '--prefix=/usr' '--includedir=/usr/include' '--
> datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--
> localstatedir=/var' '--sysconfdir=/etc/squid' '--enable-auth' '--enable-auth-
> basic=ldap,getpwnam' '--enable-auth-ntlm=smb_lm' '--enable-external-acl-
> helpers=wbinfo_group,session' '--enable-removal-policies=heap,lru' '--enable-
> async-io' '--enable-storeio=aufs,ufs' '--enable-poll' '--enable-ntlm-fail-open' '--
> disable-ident-lookups' '--enable-delay-pools' '--disable-ipv6' --enable-ltdl-
> convenience
>
> I have played around with settings for ECN and Window Scaling but no luck...
> Any ideas guys?
>
> Cheers, John
Received on Wed Oct 09 2013 - 00:10:32 MDT