Re: [squid-users] Squid unable to connect, but get TCP_MISS:DIRECT

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 22 Nov 2011 11:25:20 +1300

 On Mon, 21 Nov 2011 12:55:19 +0100, J4K wrote:
> Hi there,
>
> I noticed one of the clients accessing the squid proxy is not
> fetching
> the data,
> 10.254.66.142 - - [21/Nov/2011:12:49:01 +0100] "CONNECT
> xmlrpc.rhn.redhat.com:443 HTTP/1.1" 200 6668 TCP_MISS:DIRECT

 Successful "CONNECT" request. 6668 bytes of data were received back
 over the tunnel to the client.

> 10.254.66.142 - - [21/Nov/2011:12:49:06 +0100] "CONNECT
> xmlrpc.rhn.redhat.com:443 HTTP/1.1" 200 6583 TCP_MISS:DIRECT

 Successful "CONNECT" request. 6538 bytes of data were received back
 over the tunnel to the client.

>
> Squid proxy can connect with this address so problem is not the
> firewall,
> # telnet xmlrpc.rhn.redhat.com 443
> Trying 209.132.183.44...
> Connected to xmlrpc.rhn.redhat.com (209.132.183.44).
> Escape character is '^]'.
> ^]
>

 This test agrees completely with what is being logged. A TCP connection
 was successfully (200) made by Squid "DIRECT"-ly to
 "mlrpc.rhn.redhat.com:443".

 *Also* Squid is logging that ~6KB of data was sent over that tunnel
 connection.

 There appears to be no problem.

 <snip>
>
> I do get an ACL warning, but am unsure if its the reason the data is
> not
> served.
> aclParseIpData: WARNING: Netmask masks away part of the specified IP
> in
> '10.254.66.0/22'

 Unrelated, but worth fixing anyway. *.66.0 is not the start IP of a /22
 range.

 Do you want to match 10.254.64.0/22? or 10.254.66.0-10.254.67.255 ? or
 something else?

 Amos
Received on Mon Nov 21 2011 - 22:25:23 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 22 2011 - 12:00:03 MST