Hi All, Further to this, I have rolled back to Squid 3.1.23 and there appears to be no issue, the website works fine. Is anyone else having similar issues with Squid 3.3.x ? Cheers, John. > -----Original Message----- > From: John Kenyon > Sent: Wednesday, 9 October 2013 8:42 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Connection reset by peer > > Hi All, > > Hope someone can shed some light on a problem I am experiencing... I can > reproduce a "(104) Connection reset by peer" error consistently on a certain > website when trying to login. > > When the 502 bad gateway issue appears it looks like there is a missing FIN > packet. > > I can access this site fine behind our company firewall, just have a problem > when using squid proxy... here is a bit more info: > > Relevant lines in Squid access.log > > 1381271050.480 424 192.168.0.25 TCP_MISS/200 414 POST > http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_login - > HIER_DIRECT/66.151.79.155 text/html > 1381271050.838 297 192.168.0.25 TCP_MISS/502 3710 GET > http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_redirect? - > HIER_DIRECT/66.151.79.155 text/html > > Here is a tcpdump: > > # tcpdump -i eth0 dst 66.151.79.155 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes > 16:53:53.462042 IP proxyserver.33784 > 66.151.79.155.http: S > 264441315:264441315(0) win 5840 <mss 1460,sackOK,timestamp 447447258 > 0,nop,wscale 8> > 16:53:53.665606 IP proxyserver.33784 > 66.151.79.155.http: . ack 258927824 > win 23 <nop,nop,timestamp 447447462 0> > 16:53:53.666037 IP proxyserver.33784 > 66.151.79.155.http: P 0:636(636) ack 1 > win 23 <nop,nop,timestamp 447447462 0> > 16:53:53.666217 IP proxyserver.33784 > 66.151.79.155.http: P 636:711(75) ack > 1 win 23 <nop,nop,timestamp 447447462 0> > 16:53:53.903639 IP proxyserver.33784 > 66.151.79.155.http: . ack 327 win 27 > <nop,nop,timestamp 447447700 4801001> > 16:53:54.028623 IP proxyserver.33784 > 66.151.79.155.http: P 711:1363(652) > ack 327 win 27 <nop,nop,timestamp 447447825 4801001> > > # tcpdump -i eth0 src 66.151.79.155 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes > 16:55:17.007426 IP 66.151.79.155.http > proxyserver.34334: S > 2581779361:2581779361(0) ack 350474126 win 16384 <mss 1380,nop,wscale > 0,nop,nop,timestamp 0 0,nop,nop,sackOK> > 16:55:17.225169 IP 66.151.79.155.http > proxyserver.34334: . ack 714 win > 64822 <nop,nop,timestamp 4801834 447530601> > 16:55:26.115901 IP 66.151.79.155.http > proxyserver.34334: P 1:327(326) ack > 714 win 64822 <nop,nop,timestamp 4801924 447530601> > 16:55:26.552923 IP 66.151.79.155.http > proxyserver.34334: . ack 1366 win > 64170 <nop,nop,timestamp 4801928 447540018> > 16:55:26.943813 IP 66.151.79.155.http > proxyserver.34334: R 327:327(0) ack > 1366 win 0 > > Squid Cache: Version 3.3.9 > configure options: '--prefix=/usr' '--includedir=/usr/include' '-- > datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '-- > localstatedir=/var' '--sysconfdir=/etc/squid' '--enable-auth' '--enable-auth- > basic=ldap,getpwnam' '--enable-auth-ntlm=smb_lm' '--enable-external-acl- > helpers=wbinfo_group,session' '--enable-removal-policies=heap,lru' '--enable- > async-io' '--enable-storeio=aufs,ufs' '--enable-poll' '--enable-ntlm-fail-open' '-- > disable-ident-lookups' '--enable-delay-pools' '--disable-ipv6' --enable-ltdl- > convenience > > I have played around with settings for ECN and Window Scaling but no luck... > Any ideas guys? > > Cheers, John
