As it turned out, squid was getting back an IPv6 address for most sites.
Squid's returned error page displayed an IPv6 address clued me in.
Interestingly, a few sites worked since the IPv4 addresses were returned for
them. yahoo.com was returning IPv6, but ebay.com didn't. CentOS has IPv6
enabled by default as it seems, but since I never considered it I never did
anything about it so my IPv6 setup is non existent and broken.
Not sure why only squid got back IPv6 addresses while other programs didn't.
Anyway I went and disabled IPv6 in CentOS in every way I know, and finally
Squid is working on my NATed NICs without the tcp_outgoing_address config.
joel123 wrote
> That's what I figured, but this is just a out of box CentOS install, and I
> have no problem with other programs, like wget, ping, yum, and firefox.
>
> Anyways, thanks for replying. I will try to figure out what's wrong.
> Amos Jeffries-2 wrote
>> On 7/05/2013 3:59 a.m., Joel Chen wrote:
>>> I have a simple CentOS 6.4 server setup with 2 NICs, eth1 hooks to the
>>> Cable Modem, eth2 hooks to the internal network at 10.10.10.1 and is
>>> NATed. I setup squid3 using the default config file and modified the
>>> few items such as localnet IP etc, and then point the browser on a
>>> machine connected to the 10.xxx network to use squid, but I can't get
>>> anything until I added a tcp_outgoing_address eth1_ip_address entry to
>>> squid config. Otherwise Squid returned connection failed error. I
>>> looked around many tutorials and examples and it seems others don't
>>> need tcp_outgoing_address unless they want to do some kind of
>>> balancing etc.
>>>
>>> I have no trouble reaching outside on my server with other programs,
>>> such as the browser. So I wonder how squid is working for others
>>> without the tcp_outgoing_address while it doesn't work on my setup.
>>> What enables squid to be able to reach the outside using the IP that's
>>> connected to the NATed LAN?
>>
>> Squid is just like any other software, it opens a socket and lets the OS
>> decide what IP address to send from (usually the box pimary address).
>> The OS routing systems then take over and decide how the packet will
>> reach the destination Squid was connecting to.
>>
>> For that to go wrong you have to have broken the OS packet routing
>> systems. You said NAT was in use, so there and the routing table are the
>> places to look. Please contact your OS firewall vendor for more help.
>> This is nothing to do with Squid.
>>
>> Amos
-- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/With-2-NICs-NATed-how-s-squid-working-without-tcp-outgoing-address-tp4659812p4659875.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Thu May 09 2013 - 07:14:20 MDT
This archive was generated by hypermail 2.2.0 : Thu May 09 2013 - 12:00:07 MDT