-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Bruce, On Thu, 25 Oct 2007 09:58:39 +0800 "Cheng Bruce" <itlist@xxxxxxxxx> wrote: > Dear all, > > Recently I meet the strange problem, Squid can't access some web > sites. For example, http://www.hsa.gov.sg/ > > I'm using pfSense 1.2-RC2(built on Fri Aug 17 17:46:06 EDT 2007), and > I have Squid ( 2.6.5_1-p15) installed as a transparent proxy on my > LAN. All seemed to be working fine until my users told me there's the > website that can't see. Most of the times, it's not Squid's problem if it can't access some sites. It's either some misconfigured web server or firewall which is causing the problem in the 1st place. Squid just reports the errors. So pfSense is based on OpenBSD's PF firewall. Which OS is your hardware running on? > > I check the access.log, I saw a lot of TCP_MISS, and I use ethereal to > trace from my local computer to that web site, It seems to lost some > packets. I can browse this site using either my transparent proxy or manually putting the proxy serer in my web browser. Although, the first time, I admit that it took a long time to access it. However, once the pages start loading, the browsing of this site is fine. > > The browser of the windows clients only can see the title and the > browser just keeps trying to connect the HTML page until it times-out, > its source html page is not full retrieved. > I looked up the source of this website, it has not finished with this > tag </html> What is the exact error message that Squid reports before timing out? Since your clients can see the Title of the web page, then the problem must be somewhere between your pfSense box and the remote web server. How did you install Squid? Are you sure that your ACLs are not affecting this site? > > I tried to modify the squid.conf to directly connect out without > caching, I google it and found this page > http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-d82a8d4c42f3600c857cef92d77d76914af54592 > (Can I make Squid go direct for some sites?) and modified the setting > then restarted. It still can't work it out. This only works if you have a parent proxy. You probably have to edit your firewall to bypass this site from your transproxy. > > I found another article > http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027 > ( Can't connect to some sites through Squid ) > But don't know how to test it in pfSense. Is your pfSense a commercial customized box or did you just installed this pfSense on a local Linux/BSD machine? > > I asked my friends access this web site via their own squid proxy, > they have the same problems, therefore I don't think it is due to > pfSnese. Well since I can access this site, it could also mean the problem is arising due to pfSense. But I am not sure about it. > > Any suggestions will be appreciated. Maybe, the following results could provide something if any: 12:21:25 root@proxy:~$ telnet www.hsa.gov.sg 80 Trying 160.96.5.221... Connected to www.hsa.gov.sg. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.1 302 Moved Temporarily Server: Sun-ONE-Web-Server/6.1 Date: Thu, 25 Oct 2007 07:16:39 GMT Content-length: 0 Content-type: text/html Location: http://www.hsa.gov.sg/publish/hsaportal/en/home.html Connection: close Set-Cookie: BIGipServerHSA_Portia_Inter=403298058.20480.0000; path=/ Connection closed by foreign host. 13:03:43 root@proxy:~$ telnet www.hsa.gov.sg 80 Trying 160.96.5.221... Connected to www.hsa.gov.sg. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 302 Moved Temporarily Server: Sun-ONE-Web-Server/6.1 Date: Thu, 25 Oct 2007 07:17:02 GMT Content-length: 0 Content-type: text/html Location: http://www.hsa.gov.sg/publish/hsaportal/en/home.html Connection: close Set-Cookie: BIGipServerHSA_Portia_Inter=403298058.20480.0000; path=/ Connection closed by foreign host. Thanking you... > > Please advise me. > Thank you in advance. > Best Regards, > Bruce > - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://wlink.com.np http://teklimbu.wordpress.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHIEwQfpE0pz+xqQQRAk2yAJ0e0M1IMNXaqrZRm0ab9s/m9f0uVwCfeDBA 1f0hez/TWpiSOERnsTx+C0k= =KKBm -----END PGP SIGNATURE-----