Re: Another "Forwarding loop detected" issue

[Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>]

> On 06/11/2019 09:39, Matus UHLAR - fantomas wrote:
> > > > > On 5/11/19 10:40 pm, Nick Howitt wrote:
> > > > > > I am trying to help someone who is running squid-3.5.20-12 on a
> > > > > > standalone server with the dansguardian content filter and suddenly
> > > > > > recently has been getting a lot of messages like:
> > > > > >
> > > > > >     2019/10/31 13:48:14 kid1| WARNING: Forwarding loop detected for:
> > > > > >     HEAD / HTTP/1.0
> > > > > >     Via: 1.0 HSFilterHyperos7.haftr.local (squid/3.5.20)
> > > > > >     Cache-Control: max-age=259200
> > > > > >     Connection: keep-alive
> > > > > >     X-Forwarded-For: 10.10.1.2
> > > > > >     Host: 10.10.1.2:8080
> > > > > >
> > > > > >
> > > > > > The access log looks something like:
> > > > > >
> > > > > >     1572545946.383 120000 10.10.1.2 TCP_MISS_ABORTED/000 0 HEAD
> > > > > >     http://10.10.1.2:8080/ - HIER_DIRECT/10.10.1.2 -
> > > > > >     1572545946.477 120000 10.10.1.2 TCP_MISS_ABORTED/000 0 HEAD
> > > > > >     http://10.10.1.2:8080/ - HIER_DIRECT/10.10.1.2 -
> > > > > >     1572545946.493 120000 10.10.1.2 TCP_MISS_ABORTED/000 0 HEAD
> > > > > >     http://10.10.1.2:8080/ - HIER_DIRECT/10.10.1.2 -
> > > > > >
> > > > > > (but these are for different transactions - they are all the 
> > > > > > same apart
> > > > > > from the timestamps)
> >
> >
> > > > On 05/11/2019 10:44, Amos Jeffries wrote:
> > > > > That is what a forwarding loop looks like in the access.log.
> >
> > > > > > The content filter listens on port 8080 and squid on 3128. 
> > > > > > The machine
> > > > > > is on 10.10.1.2

> > How does your schema look like?
> > How does your content filter work?
> >
> > The logs above show that someone from local machins (content-filter) is
> > using squid to access local machine port 8080, which should be your 
> > content
> > filter.
> > That looks much like a loop, connections from squid or content 
> > filter that
> > are going back to content filter via squid

On 06.11.19 09:54, Nick Howitt wrote:
> The set up is eth0 (10.10.1.2:8080) -> Content filter (dansguardian) 
> -> Squid (port 3128) -> eth0 -> gateway

I understand this as:

client
->
10.10.1.2:8080 aka Content filter (dansguardian)
->
10.10.1.2:3128 aka squid 
->
the net.


> If what you are saying is right then a firewall rule blocking source 
> 10.10.1.2 to 10.10.1.2:8080 may work

apparently, but I don't understand why would anyone from 10.10.1.2 to
10.10.1.2:8080.
Is it any HTTP client running on 10.10.1.2 ? Then it's ok.

Is it squid or dansguardian ?  Then something is broken in your setup, or,
any client is requesting 10.10.1.2:8080 which should apparently be disabled
in squid config.

> I am not sure if it would be in 
> the FORWARD or INPUT chain

INPUT chain, since it's connection from to local IP, unless it's redirected
connection.

But IIRC you have said your clients have proxy configured.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users