Hi Eliezer,
Thanks for a detailed troubleshooting steps. I nailed down on the
issue by using telnet. I had initially setup squid and c-icap on same
machine and had put iptable rules to divert all the http traffic to
pass squid's default port. Doing so I might have messed up the rules
which was blocking squid to communicate with icap server configured on
another machine.
Thanks for the info, I will use these steps in future
Best,
Anil
On Mon, Dec 16, 2013 at 7:37 AM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> Hey Anil,
>
> The first thing to start with is to use telnet or netcat to verify that the
> ICAP service is working in the TCP level.
> "nc -v 192.168.10.9 1344"
> should also show some useful information on the basic connection status.
> You can also try to run it on the same machine of the ICAP service and from
> another IP and\or machine on the network.
>
> The next thing is to try to understand if the service allows OPTIONS
> requests or\and service outside the scope of the localhost(127.0.0.1).
> It can be firewall level or service settings.
>
> By the way what ICAP service are you using? c-icap ? Is it the basic c-icap
> service?
>
> I assume that if it works on the same machine fine the software should
> provide the basic functions but it needs to be tested.
> Squid first test for an OPTIONS icap request which is kind of a "echo ping"
> test for the ICAP service state.
>
> In a case you got into the level of tcpdump I would try to just see if
> GreasySpoon works on the same topology and hosts:
> https://github.com/jburnim/GreasySpoon
>
> It is a nice ICAP service which actually works very well and is good for
> testing purposes.
> I have not used it in a production network but it shows how the protocol
> implemented in a very good way that can be tested and learned.
>
> The settings which you describe is a bit weird but leave it for now.
>
> All The Bests,
> Eliezer
>
>
> On 11/12/13 13:17, Anil Kapu wrote:
>>
>> Hi,
>>
>> I'm a new to squid and ICAP and requesting for help. I'm trying to
>> setup a URL filtering feature provided by c-icap server. I'm having
>> trouble configuring my Squid Server to communicate with the ICAP
>> server setup on a remote machine. If I have ICAP server on same
>> machine as Squid server(127.0.0.1), there is no issue in communication
>> between squid and ICAP server. URL blocking also occurs successfully
>>
>> Following is the setup:
>> I have setup Squid on 192.168.10.8 and ICAP server on 192.168.10.9, on
>> 192.168.10.8 in squid.conf file I have provided "icap_service
>> service_req reqmod_precache routing=on bypass=1 icap://<icap server
>> ip>:1344/url_check_module".
>>
>> When I try to open any URL on the machine where squid is setup I get
>> following error in squid log "optional ICAP service is down after an
>> options fetch failure: icap://192.168.10.9:1344/url_check_module
>> [down,!opt]" (I have setup my iptables to route all the http traffic
>> to squid port 3128)
>>
>> I have attached my squid config file setting below
>>
>> Any help here is much appreciated
>> Thanks
>> Anil
>
>
Received on Tue Dec 17 2013 - 06:33:31 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 17 2013 - 12:00:04 MST