On Wed, Oct 09, 2013 at 08:41:55AM +1000, John Kenyon wrote:
> Hi All,
>
> Hope someone can shed some light on a problem I am experiencing... I can reproduce a "(104) Connection reset by peer" error consistently on a certain website when trying to log in.
>
> When the 502 bad gateway issue appears it looks like there is a missing FIN packet.
>
> I can access this site fine behind our company firewall, just have a problem when using squid proxy... here is a bit more info:
>
> Relevant lines in Squid access.log
>
> 1381271050.480 424 192.168.0.25 TCP_MISS/200 414 POST http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_login - HIER_DIRECT/66.151.79.155 text/html
> 1381271050.838 297 192.168.0.25 TCP_MISS/502 3710 GET http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_redirect? - HIER_DIRECT/66.151.79.155 text/html
>
> Here is a tcpdump:
>
> # tcpdump -i eth0 dst 66.151.79.155
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 16:53:53.462042 IP proxyserver.33784 > 66.151.79.155.http: S 264441315:264441315(0) win 5840 <mss 1460,sackOK,timestamp 447447258 0,nop,wscale 8>
> 16:53:53.665606 IP proxyserver.33784 > 66.151.79.155.http: . ack 258927824 win 23 <nop,nop,timestamp 447447462 0>
> 16:53:53.666037 IP proxyserver.33784 > 66.151.79.155.http: P 0:636(636) ack 1 win 23 <nop,nop,timestamp 447447462 0>
> 16:53:53.666217 IP proxyserver.33784 > 66.151.79.155.http: P 636:711(75) ack 1 win 23 <nop,nop,timestamp 447447462 0>
> 16:53:53.903639 IP proxyserver.33784 > 66.151.79.155.http: . ack 327 win 27 <nop,nop,timestamp 447447700 4801001>
> 16:53:54.028623 IP proxyserver.33784 > 66.151.79.155.http: P 711:1363(652) ack 327 win 27 <nop,nop,timestamp 447447825 4801001>
>
> # tcpdump -i eth0 src 66.151.79.155
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 16:55:17.007426 IP 66.151.79.155.http > proxyserver.34334: S 2581779361:2581779361(0) ack 350474126 win 16384 <mss 1380,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
> 16:55:17.225169 IP 66.151.79.155.http > proxyserver.34334: . ack 714 win 64822 <nop,nop,timestamp 4801834 447530601>
> 16:55:26.115901 IP 66.151.79.155.http > proxyserver.34334: P 1:327(326) ack 714 win 64822 <nop,nop,timestamp 4801924 447530601>
> 16:55:26.552923 IP 66.151.79.155.http > proxyserver.34334: . ack 1366 win 64170 <nop,nop,timestamp 4801928 447540018>
> 16:55:26.943813 IP 66.151.79.155.http > proxyserver.34334: R 327:327(0) ack 1366 win 0
>
> Squid Cache: Version 3.3.9
> configure options: '--prefix=/usr' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--sysconfdir=/etc/squid' '--enable-auth' '--enable-auth-basic=ldap,getpwnam' '--enable-auth-ntlm=smb_lm' '--enable-external-acl-helpers=wbinfo_group,session' '--enable-removal-policies=heap,lru' '--enable-async-io' '--enable-storeio=aufs,ufs' '--enable-poll' '--enable-ntlm-fail-open' '--disable-ident-lookups' '--enable-delay-pools' '--disable-ipv6' --enable-ltdl-convenience
>
> I have played around with settings for ECN and Window Scaling but no luck... Any ideas guys?
>
> Cheers, John

Often, when I see the 502 errors in our squid 3.3.9 access.log, the problem is in our company firewall. The firewall blocks packets from the origin server; squid is not able to receive them and writes 502 errors to access.log. Try to check your firewall logs.

HTH.

--
Peter Benko
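
The thread's "missing FIN" observation can be checked mechanically. The following is an added example, not part of the original messages: it reads old-style tcpdump text output like that quoted above and lists connections that saw an RST but never a FIN. The capture lines, the 192.0.2.10 address and the host name "proxy" are constructed for illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump text output, as pasted in the thread:
#   HH:MM:SS.us IP src.port > dst.port: FLAGS ...
# FLAGS is a run of S, F, P, R (W, E for ECN) or "." when none is set.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+) "
)

# Constructed capture (documentation address 192.0.2.10, hypothetical host "proxy").
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
10:00:00.000001 IP proxy.40000 > 192.0.2.10.http: S 100:100(0) win 5840
10:00:00.200000 IP 192.0.2.10.http > proxy.40000: S 900:900(0) ack 101 win 16384
10:00:00.200100 IP proxy.40000 > 192.0.2.10.http: . ack 1 win 23
10:00:00.200200 IP proxy.40000 > 192.0.2.10.http: P 1:637(636) ack 1 win 23
10:00:09.100000 IP 192.0.2.10.http > proxy.40000: P 1:327(326) ack 637 win 64822
10:00:09.900000 IP 192.0.2.10.http > proxy.40000: R 327:327(0) ack 637 win 0
10:00:10.000000 IP proxy.40001 > 192.0.2.10.http: S 200:200(0) win 5840
10:00:10.300000 IP 192.0.2.10.http > proxy.40001: FP 1:100(99) ack 50 win 64822
10:00:10.300100 IP proxy.40001 > 192.0.2.10.http: F 50:50(0) ack 101 win 23
"""

def flags_by_flow(lines):
    """Map each connection (unordered endpoint pair) to {sender: flags seen}."""
    flows = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:  # banner lines, truncated lines, non-TCP output
            continue
        flows[frozenset((m["src"], m["dst"]))][m["src"]] |= set(m["flags"]) - {"."}
    return flows

def reset_without_fin(lines):
    """Return sorted (resetting endpoint, peer) pairs for flows with RST but no FIN."""
    hits = []
    for endpoints, per_sender in flags_by_flow(lines).items():
        seen = set().union(*per_sender.values())
        if "R" not in seen or "F" in seen:
            continue
        for sender, flags in per_sender.items():
            if "R" in flags:
                peer = next(iter(endpoints - {sender}), sender)
                hits.append((sender, peer))
    return sorted(hits)

if __name__ == "__main__":
    for sender, peer in reset_without_fin(SAMPLE.splitlines()):
        print(f"{sender} reset the connection to {peer} without a FIN")
```

Capture both directions in one run (a `host` filter rather than separate `src` and `dst` filters) so that each connection's flags from both ends are grouped together.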