As it turned out, squid was getting back an IPv6 address for most sites. Squid's returned error page displayed an IPv6 address clued me in. Interestingly, a few sites worked since the IPv4 addresses were returned for them. yahoo.com was returning IPv6, but ebay.com didn't. CentOS has IPv6 enabled by default as it seems, but since I never considered it I never did anything about it so my IPv6 setup is non existent and broken. Not sure why only squid got back IPv6 addresses while other programs didn't. Anyway I went and disabled IPv6 in CentOS in every way I know, and finally Squid is working on my NATed NICs without the tcp_outgoing_address config. joel123 wrote > That's what I figured, but this is just a out of box CentOS install, and I > have no problem with other programs, like wget, ping, yum, and firefox. > > Anyways, thanks for replying. I will try to figure out what's wrong. > Amos Jeffries-2 wrote >> On 7/05/2013 3:59 a.m., Joel Chen wrote: >>> I have a simple CentOS 6.4 server setup with 2 NICs, eth1 hooks to the >>> Cable Modem, eth2 hooks to the internal network at 10.10.10.1 and is >>> NATed. I setup squid3 using the default config file and modified the >>> few items such as localnet IP etc, and then point the browser on a >>> machine connected to the 10.xxx network to use squid, but I can't get >>> anything until I added a tcp_outgoing_address eth1_ip_address entry to >>> squid config. Otherwise Squid returned connection failed error. I >>> looked around many tutorials and examples and it seems others don't >>> need tcp_outgoing_address unless they want to do some kind of >>> balancing etc. >>> >>> I have no trouble reaching outside on my server with other programs, >>> such as the browser. So I wonder how squid is working for others >>> without the tcp_outgoing_address while it doesn't work on my setup. >>> What enables squid to be able to reach the outside using the IP that's >>> connected to the NATed LAN? >> >> Squid is just like any other software, it opens a socket and lets the OS >> decide what IP address to send from (usually the box pimary address). >> The OS routing systems then take over and decide how the packet will >> reach the destination Squid was connecting to. >> >> For that to go wrong you have to have broken the OS packet routing >> systems. You said NAT was in use, so there and the routing table are the >> places to look. Please contact your OS firewall vendor for more help. >> This is nothing to do with Squid. >> >> Amos -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/With-2-NICs-NATed-how-s-squid-working-without-tcp-outgoing-address-tp4659812p4659875.html Sent from the Squid - Users mailing list archive at Nabble.com.
