Hi everyone,
I'm having a
issue with Squid Cache 4.10 which I cannot fix for weeks now and kinda
lost at the moment. I will be appreciated if someone can guide me
through the issue I'm having.
I need to create a IPv6 HTTP
proxy which should match the entry address to outgoing TCP address. For
example, if user is connecting from fe80:abcd::1 it should exit the HTTP
proxy from the same address. We got like 50k addresses like this at the
moment.
The issue is, client connecting to the proxy is receiving
"EOF" or "FLOW_CONTROL_ERROR" on their side. When I test connection by connecting to whatismyip.com
everything works fine and entry IP always matches with outgoing IP for
each of the 50k addresses. Client tells me this problem occurs both at
GET and POST requests with around 10 MB of data.
I initially
thought that could be related to server resources being drained but upon
inspecting server resource usage, Squid isn't even topping at 100% CPU
or RAM anytime so not that.
My Squid.conf is like this at the moment:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
http_access deny !auth_users
cache deny all
dns_nameservers <nameservers here>
dns_v4_first off
via off
forwarded_for delete
follow_x_forwarded_for deny all
server_persistent_connections off
max_filedesc 1048576
max_filedescriptors 1048576
workers 8
http_port [::0]:1182
acl binding1 myip fe80:abcd::1
tcp_outgoing_address fe80:abcd::1 binding1
acl binding2 myip fe80:abcd::2
tcp_outgoing_address fe80:abcd::2 binding2
acl binding3 myip fe80:abcd::3
tcp_outgoing_address fe80:abcd::3 binding3
...
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
http_access deny !auth_users
cache deny all
dns_nameservers <nameservers here>
dns_v4_first off
via off
forwarded_for delete
follow_x_forwarded_for deny all
server_persistent_connections off
max_filedesc 1048576
max_filedescriptors 1048576
workers 8
http_port [::0]:1182
acl binding1 myip fe80:abcd::1
tcp_outgoing_address fe80:abcd::1 binding1
acl binding2 myip fe80:abcd::2
tcp_outgoing_address fe80:abcd::2 binding2
acl binding3 myip fe80:abcd::3
tcp_outgoing_address fe80:abcd::3 binding3
...
...
...
access_log /var/log/squid/access.log squid
cache_store_log none
cache deny all
cache_store_log none
cache deny all
I've
tried to get a PCAP file and realized when client tries to connect with
a new IPv6 address, Squid is not trying to open a new connection
instead tries to resume a previously opened one on a different outgoing
IPv6 address. I set server_persistent_connections off which should have
disabled this behavior but it's still the same. I tried using a newer
version of Squid but it behaved differently and did not follow my
outgoing address specifications and kept connecting on IPv4.
I would be appreciated if someone can help me out here.
Thank you.
Emre
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
