Hi Tek and Adrian,
I appreciate the suggestions. We have resolved our issue, which was
related to our custom-built Squid parent that was expecting ICP
connections only from the configured IP address of the Squid
(192.168.1.81). Squid is running on a host system with the IP
192.168.1.17 so we were using the following http_port command:
http_port 192.168.1.81:80
to force Squid to listen on a specified IP address on port 80 for any
connections. We tried to use the following command to get Squid to
make ICP connections from that same IP address:
icp_port 192.168.1.81:3130
but when Squid was trying to initiate an ICP to the Squid parent, it
was using the host system IP (192.168.1.17) instead of the icp_port
IP (192.168.1.81).
Based on that, is there a way to force Squid to initiate ICP
connections from a specific IP rather than the default/host IP address?
Thanks again,
Paul
On Sep 4, 2007, at 2:30 AM, Tek Bahadur Limbu wrote:
Hi Paul,
Paul Bertain wrote:
Hi All,
I am having a problem with our Squid hierarchy. I am getting
TCP_DENIED in the access.log and the cache.log shows a forwarding
loop detected. Here is the access.log entry:
192.168.1.81 - - [03/Sep/2007:14:01:06 -0500] "GET http://
web.example.com/customers/mba HTTP/1.0" 403 1469 TCP_DENIED:NONE
208.106.5.39 - - [03/Sep/2007:14:01:06 -0500] "GET http://
web.example.com/customers/mba HTTP/1.1" 403 1570 TCP_MISS:DIRECT
And here is the cache.log entries:
2007/09/03 13:58:50| parseHttpRequest: NF getsockopt
(SO_ORIGINAL_DST) failed: (92) Protocol not available
2007/09/03 14:00:20| parseHttpRequest: NF getsockopt
(SO_ORIGINAL_DST) failed: (92) Protocol not available
2007/09/03 14:01:06| WARNING: Forwarding loop detected for:
Client: 192.168.1.81 http_port: 192.168.1 1.81:80
GET http://web.example.com/customers/mba HTTP/1.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en)
AppleWebKit/419.3 (KHTML, like Gecko) Safari/419.3
Host: web.accelerint.com
Via: 1.1 squid-1.example .com:80 (squid/2.5.STABLE14)
X-Forwarded-For: 208.106.5.39
Cache-Control: max-age=259200
Connection: keep-alive
I think our Squid parent is not responding so Squid goes direct to
source. Is there a way to ensure that Squid will not go to origin
even if the parent does not respond? We do DNS load-balancing so
when the Squid tries to go direct to source, I think that is where
our loop begins.
Are you running Squid in transparent mode?
Can you show us the output of: squid -v
You can try to use the following directive:
prefer_direct off
In my opinion, this situation usually occurs if your parent squid
cache has some kind of a relationship (possibly sibling) parameter
to your squid cache in it's squid.conf.
Posting your squid.conf might help.
Thanking you...
Thanks,
Paul
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
