On 17/03/2016 1:25 a.m., Chris Nighswonger wrote:
> On Wed, Mar 16, 2016 at 1:03 AM, Amos Jeffries wrote:
>
>> On 16/03/2016 12:38 p.m., Chris Nighswonger wrote:
>>> Why does netstat show two connections per client connection to Squid:
>>>
>>> tcp 0 0 127.0.0.1:3128 127.0.0.1:34167 ESTABLISHED
>>> tcp 0 0 127.0.0.1:34167 127.0.0.1:3128 ESTABLISHED
>>>
>>> In this case, there is a content filter running in front of Squid on the
>>> same box. The same netstat command filtered on the content filter port
>>> shows only one connection per client:
>>>
>>> tcp 0 0 192.168.x.x:8080 192.168.x.y:1310 ESTABLISHED
>>>
>>
>> Details of your Squid configuration are needed to answer that.
>>
>
> Here it is. I've stripped out all of the acl lines to reduce the length:
>
> tcp_outgoing_address 184.x.x.x
> http_port 127.0.0.1:3128

It would seem that it is not Squid making those connections outbound from
127.0.0.1:3128. Squid uses that 184.x.x.x address with random source ports
for *all* its outbound connections.

You don't seem to have NAT involved anywhere, which was my main suspicion.
Forwarding loops via NAT rules can show up as this type of thing.

> hierarchy_stoplist cgi-bin ?

stoplist is obsolete. You can remove it.

> cache_mem 4 GB
> maximum_object_size 32768 KB
> maximum_object_size_in_memory 200 KB
> cache_dir aufs /var/cache/squid3 375000 65 256
> access_log /var/log/squid3/access.log
> cache_log /var/log/squid3/cache.log
> cache_store_log none
> cachemgr_passwd SuperSecretPW all
> debug_options ALL,1
> auth_param basic program /usr/lib/squid3/basic_ldap_auth <connection parameters go here>
> auth_param basic children 60
> auth_param basic realm Campus Proxy Server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> forwarded_for truncate
> follow_x_forwarded_for allow all

This is bad. It allows any of your clients to forge XFF headers and get data
of their choice added to your logs. follow_x_forwarded_for should *only*
allow your frontend software's IPs to be 'followed'.

> log_uses_indirect_client on
> http_reply_access allow all
> icp_access allow all
> cache_mgr support@xxxxxxxxxxxxxxxx
> store_avg_object_size 20 KB
> coredump_dir /var/spool/squid3
> client_persistent_connections on
> server_persistent_connections on
> persistent_connection_after_error on
> visible_hostname gateway.intranet.organization.tld
> negative_ttl 5 minutes
> negative_dns_ttl 1 minutes
> cache_effective_user proxy
> cache_effective_group proxy
>

Quite a few of the above settings are defaults and defaults do not need to
be configured for Squid-3. If you have some time you might want to go
through and remove the unnecessary ones.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
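An added illustration of the follow_x_forwarded_for point raised in the reply above (example code, not from this thread or from Squid itself): a small Python model of the right-to-left walk Squid performs over X-Forwarded-For, comparing `allow all` with an acl that follows only the loopback frontend. It assumes the content filter reaches Squid from 127.0.0.1, as the netstat output in the thread shows, and appends the real client address to any X-Forwarded-For it receives; every address in it is constructed.

```python
from ipaddress import ip_address
from typing import Callable, Optional

Acl = Callable[[str], bool]   # models the follow_x_forwarded_for acl


def resolve_indirect_client(direct_client: str, xff: Optional[str], acl: Acl) -> str:
    """Walk X-Forwarded-For right to left, as Squid does.

    The acl is checked against the *current* indirect client (Squid's
    default, acl_uses_indirect_client on). If it allows, the next entry to
    the left becomes the indirect client. The walk stops at the first
    address the acl denies, at an unparseable entry, or when the header
    is exhausted.
    """
    indirect = direct_client
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    while hops and acl(indirect):
        candidate = hops.pop()          # rightmost remaining entry
        try:
            ip_address(candidate)
        except ValueError:              # e.g. "unknown": stop here
            break
        indirect = candidate
    return indirect


def follow_all(_ip: str) -> bool:       # follow_x_forwarded_for allow all
    return True


def follow_localhost(ip: str) -> bool:  # follow_x_forwarded_for allow localhost
    return ip_address(ip).is_loopback   # followed by: follow_x_forwarded_for deny all


# Constructed traffic. The filter connects from 127.0.0.1 (assumed, per the
# netstat output) and forwards LAN client 10.0.0.5, appending it to any
# X-Forwarded-For it received.
HONEST_XFF = "10.0.0.5"
FORGED_XFF = "203.0.113.7, 10.0.0.5"   # client injected 203.0.113.7 itself


def logged_client(xff: str, acl: Acl) -> str:
    """Address that reaches access.log with log_uses_indirect_client on."""
    return resolve_indirect_client("127.0.0.1", xff, acl)


if __name__ == "__main__":
    for name, acl in (("allow all", follow_all), ("allow localhost", follow_localhost)):
        print(f"{name:16} honest -> {logged_client(HONEST_XFF, acl)}"
              f"  forged -> {logged_client(FORGED_XFF, acl)}")
```

With `allow all` the forged request is logged as 203.0.113.7; with the loopback-only acl both requests are logged as 10.0.0.5, because the walk stops once the current indirect client is no longer the trusted frontend.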