Jan Houtsma wrote:
Op 10-3-2010 1:44, Amos Jeffries schreef:
On Tue, 09 Mar 2010 21:42:42 +0100, Jan Houtsma <list@xxxxxxxxxxx> wrote:
Op 9-3-2010 21:37, Henrik Nordström schreef:
tis 2010-03-09 klockan 19:49 +0100 skrev Jan Houtsma:
Yes. The wget was from the squid server itself where using the proxy
it
fails, and using direct internet connection it works.
What does access.log say when it fails? Do the reported server address
match what you expect it to be for the requested host?
1268167273.909 250 192.168.1.16 TCP_MISS/503 4234 GET
http://www.google.com/ - DIRECT/www.google.com text/html
So when squid is forwarding the http-GET request it fails. But when
wget
itself sends the http-GET request it works.
Perhaps time to fire up wireshark to look at the traffic..
The error message received is very low level.. squid could not even
open
the TCP connection to the server.
Regards
Henrik
Yea, will do that
That log trace you showed had Squid attempting and failing to connect to
IPv6-google.
I would suspect a v6 routing failure here. Squid-3.1 has known bugs with
failover to IPv4 if IPv6 fails on a mixed-IP domain.
Does the wget direct test you made from the Squid box use google IPv6
addresses for its succeeding connection?
Amos
Hi,
I agree! Then how can i prevent this? I also noticed mixed AAAA and A
records coming back from the resolver in the tcpdump traces. Is quid
confused? But i don't know if that could be the reason that squid fails
and succeeds when i press ^R within a few seconds after the first
failure..... If that is IP-v6 related what should i do? I guess i am not
the only person in the world that is using squid v3.1 on a fedora box. I
think it's strange that only i seem to have this symptom? It also only
started recently. Can it be that google made changed in DNS or that
squid was updated via yum? I do see squid was updated on both march 28
and on march 5 on my box.
Nov 25 20:39:57 Updated: 7:squid-3.0.STABLE10-1.fc10.x86_64
Dec 22 22:03:18 Updated: 7:squid-3.0.STABLE10-3.fc10.x86_64
Feb 28 16:19:57 Updated: 7:squid-3.1.0.16-6.fc12.x86_64
<----- Google problem started to happen here???
Mar 05 14:38:11 Updated: 7:squid-3.1.0.17-3.fc12.x86_64
It could well be that it started on feb 28 when squid was bumped up to
version 3.1??
Most likely. 3.1 adds IPv6 support where 3.0 would not even try to use
it. Henrik is the one who would know if the "-3" patched package fixes
the related issues from 3.1.0.16.
I more suspect some blockage somewhere in the network, however. Squid is
getting "cannot connect", which indicates something like a firewall or
tunnel PMTU issue between Squid and google.
The squid internal issues I know of tend to show up as "cannot assign
address", or "family not supported", or trying to contact a mangled
v4-mapped address.
FWIW: We are happily receiving Google IPv6 here with the code about to
be released as 3.1.0.18. Available in daily snapshots now.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
Current Beta Squid 3.1.0.17
