Squid Cache: Version 3.5.15-20160302-r14000
Service Name: squid
configure options: '--prefix=/squid' '--includedir=/squid/usr/include' '--enable-ssl-crtd' '--datadir=/squid/usr/share' '--bindir=/squid/usr/sbin' '--libexecdir=/squid/usr/lib/squid' '--localstatedir=/squid/var' '--sysconfdir=/squid/etc/squid' '--enable-arp-acl' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,PAM,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=file_userip,LDAP_group,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=64000' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' '--enable-ltdl-convenience' '--disable-ipv6'
Yes the IP in question is my squid IP, I am still getting the same error, it is as if squid sends traffic to itself
Only difference is that I see this in access log now
1457080684.426 0 84.208.223.203 TAG_NONE/200 0 CONNECT 162.220.xx.xx:443 - ORIGINAL_DST/162.220.xx.xx -
Not sure if this means anything .
Regards
On 4/03/2016 11:57 a.m., Ali Jawad wrote:
> Hi
> I am using Squid
>
> [root@kgoDcyTx9 squid]# /squid/sbin/squid -v
>
> Squid Cache: Version 3.4.9
When using SSL-Bump functionality first port of call is to ensure you
are using the latest release.
Today that is 3.5.15 (though I recommend the snapshot tarball instead of
the main one). Or 4.0.7 beta.
>
> Config Options
>
>
> https_port 3129 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/squid/etc/squid/ssl_cert/myca.pem
> key=/squid/etc/squid/ssl_cert/myca.pem
>
>
<snip outdated settings>
>
> Iptables Rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 443 --destination
> 162.220.xx.xx -j REDIRECT --to-ports 3129
>
So what happens to the Squid traffic going to port 443 ?
>
> The problem :
>
> There are no certificate errors in the cache log and access log appears to
> log the requested URL, the problem is that Squid shows the error below,
> from the looks of it Squid is trying to send the request to itself on its
> own IP, my assumption is that Squid is not able to detect the proper
> destination during bump "through a config fault of my own" or a missing
The machine NAT system tells Squid what the destination is supposed to be.
> step. Please advice :
>
> The following error was encountered while trying to retrieve the URL:
> ://162.220.xx.xx:443
> <https://ipv6_1.lagg0.c052.lhr004.ix.nflxvideo.net/://162.220.244.7:443>
>
> *Connection to 162.220.244.7 failed.*
>
Is "162.220.244.7" your Squid IP?
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
