On 01/24/2015 10:15 AM, Amos Jeffries wrote:
On 22/01/2015 10:11 a.m., Marcus Kool wrote:
I am using Squid 3.4.9 and have an issue with tcp_outgoing_address.

The Squid server is connected to the internet with multiple NICs and uses
    tcp_outgoing_address a.public.IP.address

and also want to use an ICAP server on the same host using

icap_service  reqmod_urlfilterdb   reqmod_precache icap://a.local.ip.address:1344/reqmod_icapd  bypass=off  routing=on on-overload=wait ipv6=off

It seems that Squid binds the connection to the ICAP server the same way
it binds connections to webservers using the rule with tcp_outgoing_address,
and that is not desired nor workable.

I tried

acl myicaphost dst a.local.ip.address
tcp_outgoing_address a.public.IP.address !myicaphost

but Squid issues the following errors:
2015/01/21 21:58:32 kid1| WARNING: myicaphost ACL is used in context without an HTTP request. Assuming mismatch.
2015/01/21 21:58:32 kid1| commBind: Cannot bind socket FD 10 to XX.XX.XX.XX: (99) Cannot assign requested address
2015/01/21 21:58:32 kid1| essential ICAP service is down after an options fetch failure: icap://XX.XX.XX.XX:1344/reqmod_icapd [down,!opt]

So the question is how to send web traffic over a specific NIC and
traffic to the ICAP server over another (default?) NIC?


Please try the attached patch against Squid-3.4. It should make your
config work.

Amos

Thank you for the patch.
It resolves 1 issue: there is no longer the warning
   WARNING: myicaphost ACL is used in context without an HTTP request. Assuming mismatch.

But the binding to the wrong NIC with the external IP still happens:

2015/01/24 17:19:48.027 kid1| Xaction.cc(133) openConnection: Adaptation::Icap::OptXact opens connection to 10.10.0.6:1344
2015/01/24 17:19:48.027 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall Adaptation::Icap::Xaction::noteCommConnected constructed, this=0x1d9d7e0 [call53]
2015/01/24 17:19:48.027 kid1| comm.cc(549) comm_openex: comm_openex: Attempt open socket for: a.public.IP.address
2015/01/24 17:19:48.027 kid1| comm.cc(590) comm_openex: comm_openex: Opened socket local=a.public.IP.address remote=[::] FD 10 flags=1 : family=2, type=1, protocol=6

The firewall and routing were changed to allow traffic from the external IP to
the internal IP, so for us the urgency of the issue is low, but
the binding remains on the external IP despite the ACL saying not to do it.

Marcus

