On Mon, 21 Nov 2011 12:55:19 +0100, J4K wrote:
> Hi there,
>
> I noticed one of the clients accessing the squid proxy is not
> fetching
> the data,
> 10.254.66.142 - - [21/Nov/2011:12:49:01 +0100] "CONNECT
> xmlrpc.rhn.redhat.com:443 HTTP/1.1" 200 6668 TCP_MISS:DIRECT
Successful "CONNECT" request. 6668 bytes of data were received back
over the tunnel to the client.
> 10.254.66.142 - - [21/Nov/2011:12:49:06 +0100] "CONNECT
> xmlrpc.rhn.redhat.com:443 HTTP/1.1" 200 6583 TCP_MISS:DIRECT
Successful "CONNECT" request. 6538 bytes of data were received back
over the tunnel to the client.
>
> Squid proxy can connect with this address so problem is not the
> firewall,
> # telnet xmlrpc.rhn.redhat.com 443
> Trying 209.132.183.44...
> Connected to xmlrpc.rhn.redhat.com (209.132.183.44).
> Escape character is '^]'.
> ^]
>
This test agrees completely with what is being logged. A TCP connection
was successfully (200) made by Squid "DIRECT"-ly to
"mlrpc.rhn.redhat.com:443".
*Also* Squid is logging that ~6KB of data was sent over that tunnel
connection.
There appears to be no problem.
<snip>
>
> I do get an ACL warning, but am unsure if its the reason the data is
> not
> served.
> aclParseIpData: WARNING: Netmask masks away part of the specified IP
> in
> '10.254.66.0/22'
Unrelated, but worth fixing anyway. *.66.0 is not the start IP of a /22
range.
Do you want to match 10.254.64.0/22? or 10.254.66.0-10.254.67.255 ? or
something else?
Amos
Received on Mon Nov 21 2011 - 22:25:23 MST
This archive was generated by hypermail 2.2.0 : Tue Nov 22 2011 - 12:00:03 MST