On 26/01/2015 4:59 a.m., Marcus Kool wrote: > > > The debug trace starts with: > Xaction.cc(133) openConnection: *Adaptation::Icap::OptXact* opens > connection to 10.10.0.6:1344 > and then > comm.cc(549) comm_openex: comm_openex: Attempt open socket for: > *a.public.IP.address* > comm.cc(590) comm_openex: comm_openex:Opened socket > local=*a.public.IP.address* remote=[::] FD 10 flags=1 : family=2, > type=1, protocol=6 > > so I think it is clear that the socket to the ICAP server on 10.10.0.6 > is bound to the NIC with an external IP address (not obeying the ACL). > Okay you need to expand that with debug level 28,3 to see what Squid is doing with the ACLs. > I do not understand your statement "I dont know why it was binding". > >> Squid only uses >> bind() if there is an explicit outgoing address required to be used. > > Have you considered the possibility of a bug ? Yes, a bug in the binding would report bind errors opening a socket for local=[::]. A bug in the ICAP will depend on what the ACL behaviour is. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
