Search squid archive

Re: Re: server failover/backup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21/08/2014 5:33 a.m., nuhll wrote:
> Some Logs:

These logs are showing a problem...


> ==> /var/log/squid3/cache.log <==
> 2014/08/20 19:33:19.809 kid1| client_side.cc(777) swanSong:
> local=192.168.0.1:3128 remote=192.168.0.125:62595 flags=1
> 2014/08/20 19:33:20.227 kid1| client_side.cc(777) swanSong:
> local=192.168.0.1:3128 remote=192.168.0.125:62378 flags=1
> 2014/08/20 19:33:20.232 kid1| client_side.cc(900) deferRecipientForLater:
> clientSocketRecipient: Deferring request
> http://llnw.blizzard.com/hs-pod/beta/EU/4944.direct/Updates/hs-6187-6284-Win_deDE-final.MPQ
> 2014/08/20 19:33:20.232 kid1| client_side.cc(1518)
> ClientSocketContextPushDeferredIfNeeded: local=192.168.0.1:3128
> remote=192.168.0.125:62611 FD 29 flags=1 Sending next

This appears to be a client (192.168.0.125) connecting to what it thinks
is a regular forward-proxy port:
  http_port 3128
or
  http_port 192.168.0.1:3128


> 2014/08/20 19:33:20.235 kid1| client_side.cc(777) swanSong:
> local=192.168.0.1:3128 remote=192.168.0.125:62611 flags=1
> 2014/08/20 19:33:20.638 kid1| client_side.cc(777) swanSong:
> local=192.168.0.1:3128 remote=192.168.0.125:62669 flags=1
> 
> ==> /var/log/squid3/access.log <==
> 1408555999.808  10552 192.168.0.125 TCP_MISS/503 3899 GET
> http://dist.blizzard.com.edgesuite.net/hs-pod/beta/EU/4944.direct/Updates/hs-6187-6284-Win-final.MPQ
> - HIER_DIRECT/192.168.0.4 text/html
> 1408556000.232   9976 192.168.0.125 TCP_MISS/503 3844 GET
> http://llnw.blizzard.com/hs-pod/beta/EU/4944.direct/Updates/hs-6187-6284-Win-final.MPQ
> - HIER_DIRECT/192.168.0.4 text/html
> 1408556000.232   9975 192.168.0.125 TCP_MISS/503 3803 GET
> http://llnw.blizzard.com/hs-pod/beta/EU/4944.direct/Updates/hs-6187-6284-Win_deDE-final.MPQ
> - HIER_DIRECT/192.168.0.4 text/html

This above shows Squid receiving various requests for blizzard.com
domains and relaying them to the web server at 192.168.0.4.

Do you actually have a blizzard.com web server running at 192.168.0.4  ?
 I dont think so.


> 1408556000.638    406 192.168.0.125 TCP_MISS/200 1642 CONNECT
> dws1.etoro.com:443 - HIER_DIRECT/149.126.77.194 -
> 

It seems to me that you are mixing the HTTP traffic modes up.

Squid accepts traffic with two very different on-wire syntax formats,
and also with possibly mangled TCP packet details. These combine into 3
perutatiosn we call traffic "modes".

1) forward-proxy (aka manual or auto-configured explicit proxy)
  - port 3128 traffic syntax designed for proxy communication. Nothing
special needed to service the traffic.

2) reverse-proxy (aka accelerator / CDN gateway)
  - port 80 traffic syntax designed for web server communication.
Message URLs need reconstructing and an origin cache_peer server is
expected to be explicitly configured.

3) interception proxy (aka transparent proxy)
  - port 80 traffic syntax and also possible TCP/IP mangling of the
packet IPs. Any mangling needs to be detected and undone, input
validation security checks applied, then the reverse-proxy URL
manipulations performed.
  NP: if the security checks fail caching will be disabled for request,
but it will still be serviced as a transparent MISS.
  NP2: if the security checks fail and the TCP packet details are broken
you will get 503 exactly as logged above.


What you need to do for a properly working proxy is ensure that:
* each mode of traffic is sent to a separate http_port opened by Squid.
 - you may use multiple port directives as long as each has a unique
port number.
* each http_port directive is flagged as appropriate to indicate the
traffic mode being received there.



>From the logs above it looks to me like you are possibly intercepting
the blizzard traffic and NAT'ing it to a forward-proxy port 3128.

You probably need to actually configure this to get rid of the 503s:

 http_port 3128
 http_port 3129 intercept

and change your NAT rules to -j REDIRECT packets to port 3129. Leave
your DHCP rules sending traffic to port 3128.

Amos





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux