On Mon, 5 Oct 2009 21:51:15 +0200, "Roman" <roman@xxxxxxxxxxx> wrote: > I use Debian 5.0 with kernel 2.6.31 compiled with tproxy > dmesg |grep TPROXY > > I downloaded ad installed iptables from git.balabit.hu/bazsi > I use current squid (version squid-3.HEAD-20090929) with options > '--enable-linux-netfilter' > > I can't open web page from client. > > The following error was encountered while trying to retrieve the URL: > http://www.whatismyip.com/ > Connection to 72.233.89.199 failed. > The system returned: (110) Connection timed out > The remote host or network may be down. Please try the request again. > in squid log i see > > 2009/10/02 01:39:32.709| PconnPool::key(www.whatismyip.com,80,(no > domain),xxx.xxx.xxx.xxxis {www.whatismyip.com:80-xxx.xxx.xxx.xxx} > 2009/10/02 01:39:32.709| PconnPool::pop: lookup for key > {www.whatismyip.com:80-xxx.xxx.xxx.xxx} failed. > 2009/10/02 01:39:32.709| FilledChecklist.cc(162) ~ACLFilledChecklist: > ACLFilledChecklist destroyed 0xbfaf5d38 > 2009/10/02 01:39:32.709| ACLChecklist::~ACLChecklist: destroyed 0xbfaf5d38 > > what problem ? it's problem in kernel, iptables or squid ? please help !!! 1) why are you bringing up code issues in squid-users instead of squid-dev? - particularly for alpha code releases. 2) Exactly why are you pulling from Balabit? - they only have experimental code available. - their current code is _very_ untested with new IPv6 support only having 2 testers so far. 3) have you followed up on all the possibilities mentioned at http://wiki.squid-cache.org/Features/Tproxy4#Troubleshooting ? 4) failure to find an existing persistent connection inside squid is not unusual. Just means no connections are open yet. Amos
