On 01/24/2015 10:15 AM, Amos Jeffries wrote:
On 22/01/2015 10:11 a.m., Marcus Kool wrote:
I am using Squid 3.4.9 and have an issue with tcp_outgoing_address.
The Squid server is connected to the internet with multiple NICs and uses
tcp_outgoing_address a.public.IP.address
and I also want to use an ICAP server on the same host using
icap_service reqmod_urlfilterdb reqmod_precache icap://a.local.ip.address:1344/reqmod_icapd bypass=off routing=on on-overload=wait ipv6=off
It seems that Squid binds the connection to the ICAP server the same way it binds
connections to webservers using the rule with tcp_outgoing_address,
and that is not desired nor workable.
I tried
acl myicaphost dst a.local.ip.address
tcp_outgoing_address a.public.IP.address !myicaphost
but Squid issues the following errors:
2015/01/21 21:58:32 kid1| WARNING: myicaphost ACL is used in context without an HTTP request. Assuming mismatch.
2015/01/21 21:58:32 kid1| commBind: Cannot bind socket FD 10 to XX.XX.XX.XX: (99) Cannot assign requested address
2015/01/21 21:58:32 kid1| essential ICAP service is down after an options fetch failure: icap://XX.XX.XX.XX:1344/reqmod_icapd [down,!opt]
So the question is how to send web traffic over a specific NIC and
traffic to the ICAP server over another (default?) NIC?
Please try the attached patch against Squid-3.4. It should make your
config work.
Amos
Thank you for the patch.
It resolves 1 issue: there is no longer the warning
WARNING: myicaphost ACL is used in context without an HTTP request. Assuming mismatch.
But the binding to the wrong NIC with the external IP still happens:
2015/01/24 17:19:48.027 kid1| Xaction.cc(133) openConnection: Adaptation::Icap::OptXact opens connection to 10.10.0.6:1344
2015/01/24 17:19:48.027 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall Adaptation::Icap::Xaction::noteCommConnected constructed, this=0x1d9d7e0 [call53]
2015/01/24 17:19:48.027 kid1| comm.cc(549) comm_openex: comm_openex: Attempt open socket for: a.public.IP.address
2015/01/24 17:19:48.027 kid1| comm.cc(590) comm_openex: comm_openex: Opened socket local=a.public.IP.address remote=[::] FD 10 flags=1 : family=2, type=1, protocol=6
The firewall and routing were changed to allow traffic from the external IP to
the internal IP, so for us the urgency of the issue is low, but
the binding remains on the external IP despite the ACL saying not to do it.
Marcus
_______________________________________________
squid-users mailing list
http://lists.squid-cache.org/listinfo/squid-users
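
Added example, not part of the thread and not Squid project code: a check over debug-level cache.log lines like those quoted above that reports ICAP connections whose socket was bound to a local address outside the network the ICAP server lives on. It assumes the "Opened socket" line following an ICAP openConnection line belongs to that transaction, as in the quoted excerpt; the sample lines are constructed, with 203.0.113.10 standing in for "a.public.IP.address".

```python
import ipaddress
import re

# The two debug lines quoted in the thread (Squid 3.4 cache.log).
ICAP_OPEN = re.compile(
    r"openConnection: Adaptation::Icap::\S+ opens connection to (\S+):\d+")
SOCK_OPEN = re.compile(r"comm_openex: Opened socket local=(\S+) remote=")

def _host(token):
    """Strip brackets and an optional :port from a logged address."""
    if token.startswith("["):
        return token[1:token.index("]")]
    return token.split(":")[0]

def icap_bind_mismatches(lines, icap_net):
    """Return (icap_ip, local_ip) pairs where the socket opened right after an
    ICAP openConnection line was bound to an address outside icap_net."""
    net = ipaddress.ip_network(icap_net)
    pending, findings = None, []
    for line in lines:
        m = ICAP_OPEN.search(line)
        if m:
            pending = _host(m.group(1))  # ICAP server waiting for its socket
            continue
        m = SOCK_OPEN.search(line)
        if not (m and pending):
            continue  # socket opened for something other than ICAP
        local = ipaddress.ip_address(_host(m.group(1)))
        # 0.0.0.0 / :: means no explicit bind: the kernel picks the source.
        if not local.is_unspecified and local not in net:
            findings.append((pending, str(local)))
        pending = None
    return findings

# Constructed sample modelled on the log excerpt in the thread.
SAMPLE = [
    "2015/01/24 17:19:48.027 kid1| Xaction.cc(133) openConnection: "
    "Adaptation::Icap::OptXact opens connection to 10.10.0.6:1344",
    "2015/01/24 17:19:48.027 kid1| comm.cc(549) comm_openex: comm_openex: "
    "Attempt open socket for: 203.0.113.10",
    "2015/01/24 17:19:48.027 kid1| comm.cc(590) comm_openex: comm_openex: "
    "Opened socket local=203.0.113.10 remote=[::] FD 10 flags=1 : "
    "family=2, type=1, protocol=6",
]

if __name__ == "__main__":
    for icap_ip, local_ip in icap_bind_mismatches(SAMPLE, "10.10.0.0/24"):
        print(f"ICAP {icap_ip} reached from {local_ip}, outside 10.10.0.0/24")
```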