Hi,
On Fri, 20 Jul 2001, Smith, Kraig wrote:
> Hello,
> I have a question regarding using squid as an accelerator.
>
> We are currently testing a secure squid platform (2.4) setup as an
> accelerator on a Linux 7.1 to access a web server inside our firewall and is
> working very well.
>
> We have noticed that when a request is made to the accelerator and the
> request is then sent to the web server that it sends
> quite a few port calls to the web server. These usually are in the port
> range of 1029 to 1340. We were wondering why?
Squid makes a connetion to the web server for each request it gets. When
cretaing the socket it will leave the port blank. The OS will fill it in
with the next available port > 1023. That's what you are seeing.
> We believed that it should only be calling the port number that we
> designated in the squid configuration say 3120 or some other number.
That is the port squid listens on. Not the one it makes connections on. It
cannot use a fixed port for connections because it would not be able to
distinguish between tcp sessions.
A network "connection" is defined by a tuple of 5 items
1. Source IP address
2. Source port
3. Destination IP address
4. Destination port
5. Protocol (TCP|UDP)
In order to identify different "connections" one of these 5 must change
for every connection. In your case 1,3,4 and 5 are fixed (squid address,
web server address, web server port, protocol) Thus there's only one thing
to change, the source port.
Colin
Received on Sun Jul 22 2001 - 17:58:18 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:17 MST