Adrian Chadd escribió:
> Can you please do a tcpdump of the request from the client andsee if its really asking
> for a port -1?
>
> Thanks,
>
>
>
> Adrian
>
> On Wed, Mar 05, 2008, Mario Salazar Ba?os wrote:
>
>> I have this line in access.log:
>>
>> TCP_DENIED/400 1667 POST
>> http://idse.imss.gob.mx:-1/imss/servlet/gob.imss.idse.afilia.modelos.ModeloAfiliaMovimientos
>> - NONE/- text/html
>>
>> and in my cache.log:
>>
>> The reply for POST
>> http://idse.imss.gob.mx:-1/imss/servlet/gob.imss.idse.afilia.modelos.ModeloAfiliaMovimientos
>> is ALLOWED, because it matched 'all'
>>
>> In my squid.conf I have an acl with all .gob.mx domain and http_access
>> allow to this acl.
>>
>> And I can't access this page, without proxy i have access to this page.
>>
>
>
Here is tcpdump file, host 192.168.13.77 gateway 192.168.13.13 squid
192.168.13.4
14:47:55.398717 IP (tos 0x0, ttl 128, id 1053, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.77.1287 > 192.168.13.4.3128: .,
cksum 0x58f8 (correct), ack 759 win 64777
14:47:58.101335 IP (tos 0x0, ttl 128, id 1059, offset 0, flags [DF],
proto: TCP (6), length: 48) 192.168.13.77.1289 > 192.168.13.4.3128: S,
cksum 0x3b31 (correct), 2852319496:2852319496(0) win 65535 <mss
1460,nop,nop,sackOK>
14:47:58.101368 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto:
TCP (6), length: 48) 192.168.13.4.3128 > 192.168.13.77.1289: S, cksum
0xed86 (correct), 1547360910:1547360910(0) ack 2852319497 win 5840 <mss
1460,nop,nop,sackOK>
14:47:58.101509 IP (tos 0x0, ttl 128, id 1060, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.77.1289 > 192.168.13.4.3128: .,
cksum 0x311b (correct), ack 1 win 65535
14:47:58.104496 IP (tos 0x0, ttl 128, id 1061, offset 0, flags [none],
proto: UDP (17), length: 78) 192.168.13.77.137 > 192.168.13.4.137: NBT
UDP PACKET(137): QUERY; REQUEST; UNICAST
14:47:58.104511 IP (tos 0xc0, ttl 64, id 35054, offset 0, flags [none],
proto: ICMP (1), length: 106) 192.168.13.4 > 192.168.13.77: ICMP
192.168.13.4 udp port 137 unreachable, length 86
IP (tos 0x0, ttl 128, id 1061, offset 0, flags [none], proto: UDP
(17), length: 78) 192.168.13.77.137 > 192.168.13.4.137: NBT UDP
PACKET(137): QUERY; REQUEST; UNICAST
14:47:59.603949 IP (tos 0x0, ttl 128, id 1062, offset 0, flags [none],
proto: UDP (17), length: 78) 192.168.13.77.137 > 192.168.13.4.137: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:47:59.603986 IP (tos 0xc0, ttl 64, id 35055, offset 0, flags [none],
proto: ICMP (1), length: 106) 192.168.13.4 > 192.168.13.77: ICMP
192.168.13.4 udp port 137 unreachable, length 86
IP (tos 0x0, ttl 128, id 1062, offset 0, flags [none], proto: UDP
(17), length: 78) 192.168.13.77.137 > 192.168.13.4.137: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
14:48:01.104005 IP (tos 0x0, ttl 128, id 1063, offset 0, flags [none],
proto: UDP (17), length: 78) 192.168.13.77.137 > 192.168.13.4.137: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:48:01.104041 IP (tos 0xc0, ttl 64, id 35056, offset 0, flags [none],
proto: ICMP (1), length: 106) 192.168.13.4 > 192.168.13.77: ICMP
192.168.13.4 udp port 137 unreachable, length 86
IP (tos 0x0, ttl 128, id 1063, offset 0, flags [none], proto: UDP
(17), length: 78) 192.168.13.77.137 > 192.168.13.4.137: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
14:48:02.604791 IP (tos 0x0, ttl 128, id 1064, offset 0, flags [DF],
proto: TCP (6), length: 490) 192.168.13.77.1289 > 192.168.13.4.3128: P
1:451(450) ack 1 win 65535
14:48:02.604825 IP (tos 0x0, ttl 64, id 44468, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.4.3128 > 192.168.13.77.1289: .,
cksum 0x1639 (correct), ack 451 win 6432
14:48:02.604842 IP (tos 0x0, ttl 128, id 1065, offset 0, flags [DF],
proto: TCP (6), length: 506) 192.168.13.77.1289 > 192.168.13.4.3128: P
451:917(466) ack 1 win 65535
14:48:02.604850 IP (tos 0x0, ttl 64, id 44469, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.4.3128 > 192.168.13.77.1289: .,
cksum 0x1037 (correct), ack 917 win 7504
14:48:02.605222 IP (tos 0x0, ttl 64, id 44470, offset 0, flags [DF],
proto: TCP (6), length: 1500) 192.168.13.4.3128 > 192.168.13.77.1289: .
1:1461(1460) ack 917 win 7504
14:48:02.605232 IP (tos 0x0, ttl 64, id 44471, offset 0, flags [DF],
proto: TCP (6), length: 247) 192.168.13.4.3128 > 192.168.13.77.1289: P
1461:1668(207) ack 917 win 7504
14:48:02.605336 IP (tos 0x0, ttl 64, id 44472, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.4.3128 > 192.168.13.77.1289: F,
cksum 0x09b3 (correct), 1668:1668(0) ack 917 win 7504
14:48:02.605991 IP (tos 0x0, ttl 128, id 1066, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.77.1289 > 192.168.13.4.3128: .,
cksum 0x2704 (correct), ack 1668 win 65535
14:48:02.605998 IP (tos 0x0, ttl 128, id 1067, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.13.77.1289 > 192.168.13.4.3128: .,
cksum 0x2703 (correct), ack 1669 win 65535
--Received on Wed Mar 05 2008 - 15:53:14 MST
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:04 MDT