Hey Eliezer,

yes, Squid is running on my gateway machine.

Thanks a lot. You really did give me a great hint for understanding what's happening on my machines. Especially, now I see that my problem is not caused by Squid, but by my lack of understanding TCP. ;-(

Thanks again
Hans

-------- Original Message --------
> Date: Mon, 28 May 2012 23:13:23 +0300
> From: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Caching issue with http_port when running in transparent mode

> hey there Hans,
>
> are you serving squid on the same machine as the gateway? (wasn't sure
> about the DNAT).
> your problem is not directly related to squid but to the way that tcp
> and browsers work.
> for every connection that the client browser uses there exists a tcp window
> that stays alive for a period of time after the page was served.
> this will cause all the connections that were served using port 3128
> to still exist for I think 5 to 10 more minutes or whatever your
> tcp stack settings are.
> if you want to understand it you can install iptstate and it will give
> you a top-like view of the iptables list of connections and their states.
> also you can use the conntrack tools (with -F option) to flush/view the
> connections.
> if you flush the connections using "conntrack -F" you will see that
> the connection is served on the 3129 port.
>
> Regards,
> Eliezer
>
>
> On 28/05/2012 22:34, Hans Musil wrote:
> > Hi,
> >
> > my box is running on Debian Squeeze, which uses SQUID version
> > 2.7.STABLE9, but my problem also seems to affect SQUID version 3.1.
> >
> > These are the important lines from my squid.conf:
> >
> > http_port 3128 transparent
> > http_port 3129 transparent
> > url_rewrite_program /etc/squid/url_rewrite.php
> >
> >
> > First, I did configure my Linux iptables like this:
> >
> > # Generated by iptables-save v1.4.8 on Mon May 28 21:04:09 2012
> > *nat
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.17.0.1:3128
> > COMMIT
> >
> > and everything works fine.
> >
> > But when I change the redirect port in the iptables settings from 3128
> > to 3129, Squid behaves strangely: My URL rewrite program still gets sent
> > myport=3128, although there is definitely no more request on this port, but
> > only on 3129. This only affects HTTP domains that already have been requested
> > before, i.e. with redirection to port 3128, and it works fine again when I
> > do a force-reload on my browser. Also, things turn well when waiting some
> > minutes.
> >
> > I suppose there is some strange caching inside Squid that maps the HTTP
> > domain to an incoming port.
> >
> > Could anybody help with some workaround?
> >
> > Thanks in advance.
> >
> > Hans
>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
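
Added example, not part of the original thread: the nat table is consulted only for the first packet of a connection, so flows that were tracked before the rule change keep their DNAT mapping to port 3128 until their conntrack entry goes away. The script below parses `conntrack -L -p tcp` style output and lists the flows still mapped to the old port; the sample lines, the client address 10.17.0.23 and the server addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `conntrack -L -p tcp` output (not captured from a real host).
# Each entry holds two tuples: the original direction, then the reply direction.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.17.0.23 dst=203.0.113.10 sport=51514 dport=80 src=10.17.0.1 dst=10.17.0.23 sport=3128 dport=51514 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=10.17.0.23 dst=203.0.113.10 sport=51510 dport=80 src=10.17.0.1 dst=10.17.0.23 sport=3128 dport=51510 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.17.0.23 dst=198.51.100.7 sport=51600 dport=80 src=10.17.0.1 dst=10.17.0.23 sport=3129 dport=51600 [ASSURED] mark=0 use=1
tcp      6 431900 ESTABLISHED src=10.17.0.23 dst=10.17.0.1 sport=40022 dport=22 src=10.17.0.1 dst=10.17.0.23 sport=22 dport=40022 [ASSURED] mark=0 use=1
"""


def parse_entry(line):
    """Split one conntrack line into timeout, state and both address tuples."""
    head = line.split()
    if len(head) < 4 or head[0] != "tcp":
        return None
    pairs = re.findall(r"\b(src|dst|sport|dport)=(\S+)", line)
    if len(pairs) < 8:
        return None
    # First four key=value pairs are the original tuple, next four the reply tuple.
    orig, reply = dict(pairs[:4]), dict(pairs[4:8])
    return {"timeout": int(head[2]), "state": head[3], "orig": orig, "reply": reply}


def stale_dnat_flows(text, proxy_ip, old_port, intercepted_port=80):
    """Return tracked flows that are still translated to the old proxy port."""
    stale = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        # DNAT shows up as a reply tuple whose source is the proxy, while the
        # client's original tuple still names the origin server on port 80.
        if (e["orig"]["dport"] == str(intercepted_port)
                and e["reply"]["src"] == proxy_ip
                and e["reply"]["sport"] == str(old_port)):
            stale.append((e["orig"]["src"], e["orig"]["dst"], e["state"], e["timeout"]))
    return stale


if __name__ == "__main__":
    for client, server, state, timeout in stale_dnat_flows(SAMPLE, "10.17.0.1", 3128):
        print(f"{client} -> {server}:80 still mapped to 3128 ({state}, {timeout}s left)")
```

On a live gateway the text argument would be the captured output of `conntrack -L -p tcp` instead of the constructed sample.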