On 17/03/2016 1:57 a.m., Amos Jeffries wrote: > On 17/03/2016 1:25 a.m., Chris Nighswonger wrote: >> On Wed, Mar 16, 2016 at 1:03 AM, Amos Jeffries wrote: >> >>> On 16/03/2016 12:38 p.m., Chris Nighswonger wrote: >>>> Why does netstat show two connections per client connection to Squid: >>>> >>>> tcp 0 0 127.0.0.1:3128 127.0.0.1:34167 >>>> ESTABLISHED >>>> tcp 0 0 127.0.0.1:34167 127.0.0.1:3128 >>>> ESTABLISHED >>>> >>>> In this case, there is a content filter running in front of Squid on the >>>> same box. The same netstat command filtered on the content filter port >>>> shows only one connection per client: >>>> >>>> tcp 0 0 192.168.x.x:8080 192.168.x.y:1310 >>> ESTABLISHED >>>> >>> >>> Details of your Squid configuration are needed to answer that. >>> >> >> >> Here it is. I've stripped out all of the acl lines to reduce the length: >> >> tcp_outgoing_address 184.x.x.x >> http_port 127.0.0.1:3128 > > It would seem that it is not Squid making those connections outbound > from 127.0.0.1:3128. Squid uses that 184.x.x.x address with random > source ports for *all* its outbound connections. Ah, just had an idea. Do you have IDENT protocol in those ACLs you elided? IDENT makes a reverse connection back to the client to find the identity. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
