On Wed, Mar 16, 2016 at 10:44 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 17/03/2016 3:03 a.m., Chris Nighswonger wrote:
> > On Wed, Mar 16, 2016 at 9:07 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> >
> >> On 17/03/2016 1:57 a.m., Amos Jeffries wrote:
> >>> On 17/03/2016 1:25 a.m., Chris Nighswonger wrote:
> >>>> On Wed, Mar 16, 2016 at 1:03 AM, Amos Jeffries wrote:
> >>>>
> >>>>> On 16/03/2016 12:38 p.m., Chris Nighswonger wrote:
> >>>>>> Why does netstat show two connections per client connection to Squid:
> >>>>>>
> >>>>>> tcp 0 0 127.0.0.1:3128 127.0.0.1:34167 ESTABLISHED
> >>>>>> tcp 0 0 127.0.0.1:34167 127.0.0.1:3128 ESTABLISHED
> >>>>>>
> >>>>>> In this case, there is a content filter running in front of Squid on the
> >>>>>> same box. The same netstat command filtered on the content filter port
> >>>>>> shows only one connection per client:
> >>>>>>
> >>>>>> tcp 0 0 192.168.x.x:8080 192.168.x.y:1310 ESTABLISHED
> >>>>>>
> >>>>>
> >>>>> Details of your Squid configuration are needed to answer that.
> >>>>>
> >>>>
> >>>>
> >>>> Here it is. I've stripped out all of the acl lines to reduce the length:
> >>>>
> >>>> tcp_outgoing_address 184.x.x.x
> >>>> http_port 127.0.0.1:3128
> >>>
> >>> It would seem that it is not Squid making those connections outbound
> >>> from 127.0.0.1:3128. Squid uses that 184.x.x.x address with random
> >>> source ports for *all* its outbound connections.
> >>
> >>
> >> Ah, just had an idea. Do you have IDENT protocol in those ACLs you elided?
> >>
> >> IDENT makes a reverse connection back to the client to find the identity.
> >>
> >>
> > So I have this acl in the list:
> >
> > acl AuthorizedUsers proxy_auth REQUIRED
> >
> > Might that be the one?
>
> No, if existing it would have 'ident' or 'ident_regex' type.
>
> Log formats would be the other way to hit ident. But I didn't notice
> anything fancy like that in the config you posted.
>

Sorry for the direct reply on the last iteration. Silly g-mail does not support reply to list apparently.

I've cleaned up the config based on your suggestions. I'm not super concerned about the two connection issue. I was mostly wondering what was up. Perhaps I should be. Ignorance is not always bliss.

WRT follow_x_forwarded_for allow all, I've changed "all" to "localhost." I don't know if that tightens things up maybe? I need this enabled so that the client IPs show up in the Squid log. At least I think I do.

Thanks for the help. We've run Squid for over 16 years and it mostly just works.

Kind regards,
Chris
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
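
Added example, not part of the thread or of Squid: the two loopback rows quoted above are mirror images of each other, which is how netstat shows one TCP connection when both endpoints are sockets on the same host. The script below pairs such rows; it assumes the Linux `netstat -tn` column order, and the sample input is constructed from the rows in the thread plus one invented pair.

```python
"""Pair up netstat rows that are the two ends of one same-host TCP connection."""

# Constructed sample modelled on the rows quoted in the thread; the second
# loopback pair (port 34170) and the LISTEN row are invented for illustration.
SAMPLE = """\
tcp 0 0 127.0.0.1:3128 127.0.0.1:34167 ESTABLISHED
tcp 0 0 127.0.0.1:34167 127.0.0.1:3128 ESTABLISHED
tcp 0 0 192.168.x.x:8080 192.168.x.y:1310 ESTABLISHED
tcp 0 0 127.0.0.1:34170 127.0.0.1:3128 ESTABLISHED
tcp 0 0 127.0.0.1:3128 127.0.0.1:34170 ESTABLISHED
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN
"""


def parse_rows(text):
    """Yield (local, foreign) for each ESTABLISHED TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # Assumed columns: Proto Recv-Q Send-Q Local Foreign State
        if (len(fields) >= 6 and fields[0].startswith("tcp")
                and fields[5] == "ESTABLISHED"):
            yield fields[3], fields[4]


def classify(text):
    """Split rows into same-host connections (seen from both ends) and the rest."""
    rows = list(parse_rows(text))
    seen = set(rows)
    same_host, single = set(), []
    for local, foreign in rows:
        if (foreign, local) in seen:
            # A mirror row exists: both sockets live on this machine, so the
            # one connection is listed twice. Record it once, endpoints sorted.
            same_host.add(tuple(sorted((local, foreign))))
        else:
            # Only our end is visible: the peer socket is on another host.
            single.append((local, foreign))
    return sorted(same_host), single


if __name__ == "__main__":
    paired, single = classify(SAMPLE)
    for a, b in paired:
        print(f"one connection, two rows: {a} <-> {b}")
    for local, foreign in single:
        print(f"remote peer, one row:     {local} <- {foreign}")
```
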