Thanx Amos, It is clear.
Alex On Tue, Aug 7, 2018 at 9:20 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 08/08/18 04:56, Alex K wrote: > > Hi all, > > > > I have a box with fairly restrictive firewall. > > I see that the box blocks connections of squid to the requested sites > > when squid tries to reach/send ICMP to them: > > > > 2018/08/07 16:51:57| Error sending to ICMP packet to 213.133.127.247. > > ERR: (1) Operation not permitted > > 2018/08/07 16:51:59| Error sending to ICMP packet to 194.55.30.166. ERR: > > (1) Operation not permitted > > 2018/08/07 16:52:00| Error sending to ICMP packet to 93.184.220.29. ERR: > > (1) Operation not permitted > > 2018/08/07 16:52:00| Error sending to ICMP packet to 72.21.202.25. ERR: > > (1) Operation not permitted > > 2018/08/07 16:52:02| Error sending to ICMP packet to 54.182.206.90. ERR: > > (1) Operation not permitted > > 2018/08/07 16:52:18| Error sending to ICMP packet to 54.239.220.40. ERR: > > (1) Operation not permitted > > 2018/08/07 16:52:18| Error sending to ICMP packet to 62.38.6.83. ERR: > > (1) Operation not permitted > > 2018/08/07 16:52:20| Error sending to ICMP packet to 13.32.16.243. ERR: > > (1) Operation not permitted > > > > Anyone knows why squid is sending ICMP? > > To find the fastest route for its outbound HTTP messages when cache_peer > are used, and to bootstrap the ARP and MTU discovery processes before > server TCP connections have to use the information they provide. > > > Is this needed? > > Maybe. You can safely configure "pinger_enable off" if you don't care > about a small (few milli- or micro-seconds) latency increase on TCP > connection setup. > > Please note however that ICMP is not an optional protocol. It is > mandatory for correct working of TCP. Only a few things like these echo > packets are safely blocked. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
