Hi Team, I setup an apache web server and squid3 running on the same machine . But when I try to access the web-server pages from client machine, I always ended up in the ERR_CONNETC_FAIL error. I tried all the alternatives and configurations from Google , but it was not helping me to solve the issue. Error 1376330104.848 179954 172.30.11.122 TCP_MISS/504 3880 GET http://172.30.11.124/logs/access.log - DIRECT/172.30.11.124 text/html [Host: 172.30.11.124\r\nUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20130109 Firefox/10.0. 12\r\nAccept: text/html,application/xhtml+ xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nA ccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n] [HTTP/1.0 504 Gateway Time-out\r\nServer: squid/3.1.20\r \nMime-Version: 1.0\r\nDate: Mon, 12 Aug 2013 17:55:04 GMT\r\nContent-Type: text/html\r\nContent-Length: 3506\r\nX-Sq uid-Error: ERR_CONNECT_FAIL 110\r\nVary: Accept-Language\r\nContent-Language: en-us\r\n\r] Topology ---------------- 172.30.11.122(client ) ---------- 172.30.11.124 (webserver and squid3 running) Squid version and OS -------------------------------- squid3 -v Squid Cache: Version 3.1.20 Debian wheezy(7.0) Iptable rules --------------------- iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 IP rules -------------- ip -f inet rule add fwmark 1 lookup 100 ip -f inet route add local default dev eth0 table 100 squid.conf -------------- acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl SSL_ports port 443 acl SSL_ports port 563 acl SSL_ports port 873 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl Safe_ports port 631 acl Safe_ports port 873 acl Safe_ports port 901 acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_reply_access allow all http_port 3128 http_port 3129 tproxy hierarchy_stoplist cgi-bin ? cache_mem 256 MB cache_dir ufs /var/spool/squid3 1000 16 256 maximum_object_size 20480 KB access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log mime_table /usr/share/squid3/mime.conf log_mime_hdrs on refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] acl apache rep_header Server ^Apache hosts_file /etc/hosts coredump_dir /var/spool/squid3 acl localnet src 172.30.11.0/24 http_access allow localhost http_access allow localnet cache allow all request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all Tcpdump ---------------- tcpdump -i eth0 "port 80" tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 23:23:35.965778 IP 172.30.11.124.http > 172.30.11.122.42895: Flags [S.], seq 147932214, ack 1341835953, win 14480, options [mss 1460,sackOK,TS val 6510344 ecr 6510344,nop,wscale 5], length 0 23:23:35.965904 IP 172.30.11.122.42895 > 172.30.11.124.http: Flags [R], seq 1341835953, win 0, length 0 23:24:04.896138 IP 172.30.11.124.http > 172.30.11.122.37138: Flags [S.], seq 111903872, ack 124904408, win 14480, options [mss 1460,sackOK,TS val 6517576 ecr 6517576,nop,wscale 5], length 0 23:24:04.896263 IP 172.30.11.122.37138 > 172.30.11.124.http: Flags [R], seq 124904408, win 0, length 0 23:24:05.893767 IP 172.30.11.124.http > 172.30.11.122.37138: Flags [S.], seq 127491883, ack 124904408, win 14480, options [mss 1460,sackOK,TS val 6517826 ecr 6517826,nop,wscale 5], length 0 23:24:05.893885 IP 172.30.11.122.37138 > 172.30.11.124.http: Flags [R], seq 124904408, win 0, length 0 23:24:07.897766 IP 172.30.11.124.http > 172.30.11.122.37138: Flags [S.], seq 158804355, ack 124904408, win 14480, options [mss 1460,sackOK,TS val 6518327 ecr 6518327,nop,wscale 5], length 0 23:24:07.898048 IP 172.30.11.122.37138 > 172.30.11.124.http: Flags [R], seq 124904408, win 0, length 0 23:24:11.901791 IP 172.30.11.124.http > 172.30.11.122.37138: Flags [S.], seq 221367156, ack 124904408, win 14480, options [mss 1460,sackOK,TS val 6519328 ecr 6519328,nop,wscale 5], length 0 23:24:11.901913 IP 172.30.11.122.37138 > 172.30.11.124.http: Flags [R], seq 124904408, win 0, length 0 23:24:19.917797 IP 172.30.11.124.http > 172.30.11.122.37138: Flags [S.], seq 346617285, ack 124904408, win 14480, options [mss 1460,sackOK,TS val 6521332 ecr 6521332,nop,wscale 5], length 0 23:24:19.917920 IP 172.30.11.122.37138 > 172.30.11.124.http: Flags [R], seq 124904408, win 0, length 0 23:24:35.965795 IP 172.30.11.124.http > 172.30.11.122.37138: Flags [S.], seq 597367243, ack 124904408, win 14480, options [mss 1460,sackOK,TS val 6525344 ecr 6525344,nop,wscale 5], length 0 23:24:35.965906 IP 172.30.11.122.37138 > 172.30.11.124.http: Flags [R], seq 124904408, win 0, length 0 23:25:04.848090 IP 172.30.11.124.http > 172.30.11.122.44872: Flags [.], seq 622394574:622396022, ack 3117157865, win 486, options [nop,nop,TS val 6532564 ecr 1130451999], length 1448 23:25:04.848123 IP 172.30.11.124.http > 172.30.11.122.44872: Flags [.], seq 1448:2896, ack 1, win 486, options [nop,nop,TS val 6532564 ecr 1130451999], length 1448 23:25:04.848143 IP 172.30.11.124.http > 172.30.11.122.44872: Flags [P.], seq 2896:3880, ack 1, win 486, options [nop,nop,TS val 6532564 ecr 1130451999], length 984 23:25:04.848480 IP 172.30.11.122.44872 > 172.30.11.124.http: Flags [.], ack 1448, win 274, options [nop,nop,TS val 1130631953 ecr 6532564], length 0 23:25:04.848572 IP 172.30.11.122.44872 > 172.30.11.124.http: Flags [.], ack 2896, win 319, options [nop,nop,TS val 1130631953 ecr 6532564], length 0 23:25:04.848667 IP 172.30.11.122.44872 > 172.30.11.124.http: Flags [.], ack 3880, win 364, options [nop,nop,TS val 1130631953 ecr 6532564], length 0 23:26:59.848715 IP 172.30.11.122.44872 > 172.30.11.124.http: Flags [F.], seq 1, ack 3880, win 364, options [nop,nop,TS val 1130746953 ecr 6532564], length 0 23:26:59.848866 IP 172.30.11.124.http > 172.30.11.122.44872: Flags [F.], seq 3880, ack 2, win 486, options [nop,nop,TS val 6561314 ecr 1130746953], length 0 23:26:59.849005 IP 172.30.11.122.44872 > 172.30.11.124.http: Flags [.], ack 3881, win 364, options [nop,nop,TS val 1130746954 ecr 6561314], length 0 Moreover its taking long time to respond "connection failed error message in browser". Without tproxy rules, webserver is working like Gem. I really don't know what is going on and What I did wrong. Please help me since I m new to squid. Regards, Saravanan N
