Re: [squid-users] TCP_MISS/503 0 CONNECT errors

[Amos Jeffries]

On 2/07/2012 8:28 p.m., Bruno Santos wrote:

Hi Amos,

thank you for the reply.

I don't have IPV6 on my network and i've disabled CentOS IPv6 :

cat /etc/sysconfig/network:
NETWORKING_IPV6=no

I'm using CentOS 5.8 and the last squid i can find using yum is this one i'm 
using: squid-3.1.0.16-7 - although yum (when trying to upgrade) says i've 
installed squid-2.6.STABLE21-6.el6.


That is probably the problem then. 3.1 initial IPv6 support did NOT do 
failure very well at all.



I'm going to further study and try to solve this issues with yum and squid.

In my DNS (bind-9.3.6) i've disabled IPv6 name resolution... (i was getting a 
lot of errors in /var/log/messages). Can this have something to do? Should i 
enable IPv6 in bind ?


This would cause slowness, ppossibly NXDOMAIN for IPv6-enabled domains. 
But you need to see the error page to know whether it even is DNS or TCP 
issues.


Amos

Re: [squid-users] TCP_MISS/503 0 CONNECT errors

[Bruno Santos]

Hi Amos,

thank you for the reply.

I don't have IPV6 on my network and i've disabled CentOS IPv6 :

cat /etc/sysconfig/network:
NETWORKING_IPV6=no

I'm using CentOS 5.8 and the last squid i can find using yum is this one i'm 
using: squid-3.1.0.16-7 - although yum (when trying to upgrade) says i've 
installed squid-2.6.STABLE21-6.el6.

I'm going to further study and try to solve this issues with yum and squid.

In my DNS (bind-9.3.6) i've disabled IPv6 name resolution... (i was getting a 
lot of errors in /var/log/messages). Can this have something to do? Should i 
enable IPv6 in bind ?

Thank you

Cheers,

Bruno Santos


- Original Message -
From: "Amos Jeffries" 
To: squid-users@squid-cache.org
Sent: Saturday, 30 June, 2012 9:17:45 AM
Subject: Re: [squid-users] TCP_MISS/503 0 CONNECT errors

On 30/06/2012 1:30 a.m., Bruno Santos wrote:
> Hi all.
>
>
> I've search in the internet and i've done some experiences with some 
> solutions i found on the internet, but still no luck.

First hint: you are still using a *beta* release of Squid-3.1. That
series has been in stable releases for over 2 years.

NP: I advise using no release older than 3.1.15. There are major
security vulnerabilities in all older releases.


Second hint: that 503 status generated by Squid means no destination
could be contacted. ie the TCP connection setup failed. "Error 111
(net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error." is Chrome
"user-friendly" display the 503 failure status.

Guesses:
  DNS resolution of  and A records failed (no destination able to be
found).
  TCP connection to some found IPv6 address(es) failed
  TCP connection to some found IPv4 address(es) failed


NP: the problem is very likely to be your IPv6 connectivity or some IPv6
issue in that 3.1 beta release. Google services are mostly IPv6-enabled
and using HTTPS (via CONNECT) since earlier this month. Squid-3.1 will
try very hard to connect using IPv6 whenever possible.

Amos


--




Use Open Source Software
Human knowledge belongs to the world
Bruno Santos
bvsan...@ulscb.min-saude.pt
http://www.twitter.com/feiticeir0
Tel: +351 962 753 053
Divisão de Informática
informat...@ulscb.min-saude.pt
Tel: +351 272 000 155
Fax: +351 272 000 257
Unidade Local de Saúde de Castelo Branco, E.P.E.
ge...@ulscb.min-saude.pt
Tel: +351 272 000 272
Fax: +351 272 000 257

Linux registered user #349448

LPIC-1 Certification

Re: [squid-users] TCP_MISS/503 0 CONNECT errors

[Amos Jeffries]

On 30/06/2012 1:30 a.m., Bruno Santos wrote:

Hi all.


I've search in the internet and i've done some experiences with some solutions 
i found on the internet, but still no luck.


First hint: you are still using a *beta* release of Squid-3.1. That 
series has been in stable releases for over 2 years.


NP: I advise using no release older than 3.1.15. There are major 
security vulnerabilities in all older releases.



Second hint: that 503 status generated by Squid means no destination 
could be contacted. ie the TCP connection setup failed. "Error 111 
(net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error." is Chrome 
"user-friendly" display the 503 failure status.


Guesses:
 DNS resolution of  and A records failed (no destination able to be 
found).

 TCP connection to some found IPv6 address(es) failed
 TCP connection to some found IPv4 address(es) failed


NP: the problem is very likely to be your IPv6 connectivity or some IPv6 
issue in that 3.1 beta release. Google services are mostly IPv6-enabled 
and using HTTPS (via CONNECT) since earlier this month. Squid-3.1 will 
try very hard to connect using IPv6 whenever possible.


Amos

[squid-users] TCP_MISS/503 0 CONNECT errors

[Bruno Santos]

Hi all.


I've search in the internet and i've done some experiences with some solutions 
i found on the internet, but still no luck.


In some https sites i'm getting TCP_MISS/503 0 CONNECT and the page is not 
displayed.


It has to be something to do with squid, because if i don't use a proxy server 
(my machine is allowed to connect directly to the internet - so is the proxy 
server) i don't get any errors and the sites are displayed correctly.
the funny thing is, if i refresh the page, most of the times, it works.. But 
never the first time...


Sometimes i get this error in the browser (chromium):

Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.



In squid access.log, this is the error:



1340974582.878 4 192.168.98.3 TCP_MISS/503 0 CONNECT plus.google.com:443 - 
DIRECT/- -
1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT ssl.gstatic.com:443 - 
DIRECT/- -
1340974586.898 2 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh6.googleusercontent.com:443 - DIRECT/- -
1340974587.579 3 192.168.98.3 TCP_MISS/503 0 CONNECT 
images3-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh3.googleusercontent.com:443 - DIRECT/- -
1340974587.596 17 192.168.98.3 TCP_MISS/503 0 CONNECT 
s2.googleusercontent.com:443 - DIRECT/- -
1340974587.598 5 192.168.98.3 TCP_MISS/503 0 CONNECT 
images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.598 20 192.168.98.3 TCP_MISS/503 0 CONNECT 
images1-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 4 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh4.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.601 7 192.168.98.3 TCP_MISS/503 0 CONNECT 
lh5.googleusercontent.com:443 - DIRECT/- -
1340974587.603 6 192.168.98.3 TCP_MISS/503 0 CONNECT 
images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974587.603 9 192.168.98.3 TCP_MISS/503 0 CONNECT 
images2-focus-opensocial.googleusercontent.com:443 - DIRECT/- -
1340974588.573 10 192.168.98.3 TCP_MISS/503 0 CONNECT apis.google.com:443 - 
DIRECT/- -
1340974588.644 81 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 
- DIRECT/- -
1340974588.644 84 192.168.98.3 TCP_MISS/503 0 CONNECT talkgadget.google.com:443 
- DIRECT/- -
(after refresh the page)
1340974588.698522 192.168.99.16 TCP_MISS/200 18114 CONNECT 
plus.google.com:443 - DIRECT/173.194.34.230 -


I'm using Squid with dansguardian for content filtering. The clients connect to 
8080 port (dansguardian) . Squid and dansguardian connect with port 3128.


Here is my squid configuration:


---



http_port 127.0.0.1:3128


auth_param basic program /usr/lib64/squid/squid_ldap_auth -b 
"ou=people,dc=domain,dc==com" -f "uid=%s" -H ldaps://ldapserver.domain.com:636 
-v 3
auth_param basic children 5
auth_param basic realm Please type your credentials!
auth_param basic credentialsttl 1 minute
acl ldapAuth proxy_auth REQUIRED


acl manager proto cache_object
acl webserver src 127.0.0.1/32
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8


acl HalNetworks src 172.20.0.0/16 192.168.20.0/24 192.168.30.0/24 
192.168.240.0/24 192.168.250.0/24


acl Nonet src "/etc/squid/HalNonet.squid"


acl HalDeny dstdom_regex "/etc/squid/HalDeny.squid"



acl SSL_ports port 443
acl SSL_ports port 631  # Cups
acl SSL_ports port 873  # Rsync
acl SSL_ports port 1494 # citrix
acl SSL_ports port 2598 # citrix
acl SSL_ports port 4433 # DGS
acl Safe_ports port 80  # http
acl Safe_ports port 81  # http
acl Safe_ports port 82  # escolas
acl Safe_ports port 8081# http
acl Safe_ports port 8181# Coaguladores
acl Safe_ports port 873 # rsync
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
#acl Safe_ports port 70  # gopher
#acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 1494# citrix
acl Safe_po

Re: [squid-users] TCP_MISS/503 0 CONNECT

[Amos Jeffries]

On 7/06/2012 9:48 p.m., Maqsood Ahmad wrote:

Dear Ralf,


Yes i am getting the same error , but i am running squid 3.1 on freebsd 8. no 
IPV6 enable.


IPv6 is irrelevant. At its core this is a TCP handshake issue. They 
happen in IPv4 as well under the same PMTU, ECN, and Window Scaling 
conditions.


The important part is the bits you left off the report so far ... where 
Squid is being asked to connect to and what host/IP it is opening a TCP 
connection to.


Amos

RE: [squid-users] TCP_MISS/503 0 CONNECT

[Maqsood Ahmad]

Dear Ralf,


Yes i am getting the same error , but i am running squid 3.1 on freebsd 8. no 
IPV6 enable.



Maqsood Ahmad

 




> Date: Thu, 7 Jun 2012 10:10:17 +0200
> From: ralf.hildebra...@charite.de
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] TCP_MISS/503 0 CONNECT
> 
> * Maqsood Ahmad :
> > 
> > Dear All,
> > 
> > 
> > I am continuously getting this error " TCP_MISS/503 0 CONNECT " in my squid 
> > proxy.
> > I did not find any good help through google. 
> 
> Like this?
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Strange-503-on-https-sites-td3627150.html
> 
> -- 
> Ralf Hildebrandt   Charite Universitätsmedizin Berlin
> ralf.hildebra...@charite.deCampus Benjamin Franklin
> http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
> Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
  

Re: [squid-users] TCP_MISS/503 0 CONNECT

[Ralf Hildebrandt]

* Maqsood Ahmad :
> 
> Dear All,
> 
> 
> I am continuously getting this error " TCP_MISS/503 0 CONNECT " in my squid 
> proxy.
> I did not find any good help through google. 

Like this?
http://squid-web-proxy-cache.1019090.n4.nabble.com/Strange-503-on-https-sites-td3627150.html

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

[squid-users] TCP_MISS/503 0 CONNECT

[Maqsood Ahmad]

Dear All,


I am continuously getting this error " TCP_MISS/503 0 CONNECT " in my squid 
proxy.
I did not find any good help through google. 
Please help



Maqsood Ahmad

 


  

Re: [squid-users] TCP_MISS/503

[Kevin Kimani]

Thanks guys,

Was able to resolve it but it was the firewall that was mis-behaving.

@Amos..the error message ends with the version of squid and the admin
email address


On Wed, Sep 9, 2009 at 3:27 PM, Amos Jeffries wrote:
> Kevin Kimani wrote:
>>
>> am also wondering why its not resolving. Am blank with no ideas not
>> sure what to do next
>>
>> On Wed, Sep 9, 2009 at 12:49 PM, Henrik
>> Nordstrom wrote:
>>>
>>> Hmm.. that does not match your access.log entry where it obviously could
>>> find the IP..
>>>
>
> Looks to me like your Squid resolved the domain to IP 63.246.8.100 and
> passed the request on. But got a 503 message back from that machine.
>
> Does the error page finish with the hostname and version of your Squid or
> some other?
>
>
> Lesson to anyone wanting to remove the squid signature from their error
> pages:  THIS is why it is there!!!
>
> Amos
>
>>>
>>> ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani:

 am using ubuntu.

 The browser displays "The following error was encounterd
 Unable to determine IP address from hostname for www.aphrc.org
 the dns"

 On Wed, Sep 9, 2009 at 11:58 AM, Henrik
 Nordstrom wrote:
>
> ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:
>
>> This is the error message am getting from access.log.
>> 1252483940.606      2 10.176.203.55 TCP_MISS/503 1660 GET
>> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html
>
> What error do you get in the browser (disable "show friendly error
> message" is using MSIE)
>
> Regards
> Henrik
>
>
>>>
>
>
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>  Current Beta Squid 3.1.0.13
>

Re: [squid-users] TCP_MISS/503

[Amos Jeffries]

Kevin Kimani wrote:

am also wondering why its not resolving. Am blank with no ideas not
sure what to do next

On Wed, Sep 9, 2009 at 12:49 PM, Henrik
Nordstrom wrote:

Hmm.. that does not match your access.log entry where it obviously could
find the IP..



Looks to me like your Squid resolved the domain to IP 63.246.8.100 and 
passed the request on. But got a 503 message back from that machine.


Does the error page finish with the hostname and version of your Squid 
or some other?



Lesson to anyone wanting to remove the squid signature from their error 
pages:  THIS is why it is there!!!


Amos



ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani:

am using ubuntu.

The browser displays "The following error was encounterd
Unable to determine IP address from hostname for www.aphrc.org
the dns"

On Wed, Sep 9, 2009 at 11:58 AM, Henrik
Nordstrom wrote:

ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:


This is the error message am getting from access.log.
1252483940.606  2 10.176.203.55 TCP_MISS/503 1660 GET
http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html

What error do you get in the browser (disable "show friendly error
message" is using MSIE)

Regards
Henrik







--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13

Re: [squid-users] TCP_MISS/503

[Kevin Kimani]

am also wondering why its not resolving. Am blank with no ideas not
sure what to do next

On Wed, Sep 9, 2009 at 12:49 PM, Henrik
Nordstrom wrote:
> Hmm.. that does not match your access.log entry where it obviously could
> find the IP..
>
>
> ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani:
>> am using ubuntu.
>>
>> The browser displays "The following error was encounterd
>> Unable to determine IP address from hostname for www.aphrc.org
>> the dns"
>>
>> On Wed, Sep 9, 2009 at 11:58 AM, Henrik
>> Nordstrom wrote:
>> > ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:
>> >
>> >> This is the error message am getting from access.log.
>> >> 1252483940.606      2 10.176.203.55 TCP_MISS/503 1660 GET
>> >> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html
>> >
>> > What error do you get in the browser (disable "show friendly error
>> > message" is using MSIE)
>> >
>> > Regards
>> > Henrik
>> >
>> >
>
>

Re: [squid-users] TCP_MISS/503

[Henrik Nordstrom]

Hmm.. that does not match your access.log entry where it obviously could
find the IP..


ons 2009-09-09 klockan 12:09 +0300 skrev Kevin Kimani:
> am using ubuntu.
> 
> The browser displays "The following error was encounterd
> Unable to determine IP address from hostname for www.aphrc.org
> the dns"
> 
> On Wed, Sep 9, 2009 at 11:58 AM, Henrik
> Nordstrom wrote:
> > ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:
> >
> >> This is the error message am getting from access.log.
> >> 1252483940.606  2 10.176.203.55 TCP_MISS/503 1660 GET
> >> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html
> >
> > What error do you get in the browser (disable "show friendly error
> > message" is using MSIE)
> >
> > Regards
> > Henrik
> >
> >

Re: [squid-users] TCP_MISS/503

[Kevin Kimani]

am using ubuntu.

The browser displays

"The following error was encounterd
Unable to determine IP address from hostname for www.aphrc.org
the dnsserver returned :
DNS Domain 'www.aphrc.org' is invalid. Host not found (authoritative)
This means that
The cache was unable to resolve the the hostname presentedin the URL"


On Wed, Sep 9, 2009 at 12:09 PM, Kevin Kimani wrote:
> am using ubuntu.
>
> The browser displays "The following error was encounterd
> Unable to determine IP address from hostname for www.aphrc.org
> the dns"
>
> On Wed, Sep 9, 2009 at 11:58 AM, Henrik
> Nordstrom wrote:
>> ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:
>>
>>> This is the error message am getting from access.log.
>>> 1252483940.606      2 10.176.203.55 TCP_MISS/503 1660 GET
>>> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html
>>
>> What error do you get in the browser (disable "show friendly error
>> message" is using MSIE)
>>
>> Regards
>> Henrik
>>
>>
>

Re: [squid-users] TCP_MISS/503

[Kevin Kimani]

am using ubuntu.

The browser displays "The following error was encounterd
Unable to determine IP address from hostname for www.aphrc.org
the dns"

On Wed, Sep 9, 2009 at 11:58 AM, Henrik
Nordstrom wrote:
> ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:
>
>> This is the error message am getting from access.log.
>> 1252483940.606      2 10.176.203.55 TCP_MISS/503 1660 GET
>> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html
>
> What error do you get in the browser (disable "show friendly error
> message" is using MSIE)
>
> Regards
> Henrik
>
>

Re: [squid-users] TCP_MISS/503

[Henrik Nordstrom]

ons 2009-09-09 klockan 11:24 +0300 skrev Kevin Kimani:

> This is the error message am getting from access.log.
> 1252483940.606  2 10.176.203.55 TCP_MISS/503 1660 GET
> http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html

What error do you get in the browser (disable "show friendly error
message" is using MSIE)

Regards
Henrik

[squid-users] TCP_MISS/503

[Kevin Kimani]

Hi all,

Am running squid 2.6 in CentOS which is behind a firewall. Am able to
access other websites using the proxy apart from aphrc.org. Its been
recuring since yesterday in the afternoon and all was working well in
the morning.

This is the error message am getting from access.log.
1252483940.606  2 10.176.203.55 TCP_MISS/503 1660 GET
http://www.aphrc.org/ - DIRECT/63.246.8.100 text/html

I have entered the DNS nameservers in the squid file.

All the help will highly be appreciated

Re: [squid-users] TCP_MISS/503 and icp

[Chris Robertson]

Amos Jeffries wrote:

Hi,

I have some hosts that use one squid-1 server that has a squid-2 parent:

I mean squid-1 has:

cache_peer parent.domain parent  80803130


But some sites are unaccessible, in special those sites with url having an
"?"

for example:

 1242674301.146104 10.128.255.189 TCP_MISS/503 1415 GET
http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html




You will get a better trace of these without stripping the query string.

http://www.squid-cache.org/Doc/config/strip_query_terms/

  

and browser shows:

Error
The requested URL could not be retrieved

While trying to retrieve the URL http://ar.yahoo.com/?

The following error was encountered:

*Connection to 209.191.93.55

The system returned:

(111) Connectio0n refused


Also, On the squid-1 iptables are doing REDIRECT.

Please could you tell me what's wrong?



By default dynamic pages cannot be trusted through peers. Squid up until
very recently added no-cache to peer requests (IIRC), which screws up the
bandwidth savings. So while its safe enough to turn on caching of dynamic
pages it's still a sticky issue if they pass through peers.

http://www.squid-cache.org/Doc/config/hierarchy_stoplist/
  


Also see 
http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-f7c4c667d4154ec5a9619044ef7d8ab94dfda39b



Your trace shows Squid-1 is not using the squid-2 as a source, its just
trying to go there DIRECTly. And the source is actively doing a TCP level
reset/denial.

Amos
  


Chris

Re: [squid-users] TCP_MISS/503 and icp

[Amos Jeffries]

> Hi,
>
> I have some hosts that use one squid-1 server that has a squid-2 parent:
>
> I mean squid-1 has:
>
> cache_peer parent.domain parent  80803130
>
>
> But some sites are unaccessible, in special those sites with url having an
> "?"
>
> for example:
>
>  1242674301.146104 10.128.255.189 TCP_MISS/503 1415 GET
> http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html
>

You will get a better trace of these without stripping the query string.

http://www.squid-cache.org/Doc/config/strip_query_terms/

>
> and browser shows:
>
> Error
> The requested URL could not be retrieved
>
> While trying to retrieve the URL http://ar.yahoo.com/?
>
> The following error was encountered:
>
> *Connection to 209.191.93.55
>
> The system returned:
>
> (111) Connectio0n refused
>
>
> Also, On the squid-1 iptables are doing REDIRECT.
>
> Please could you tell me what's wrong?

By default dynamic pages cannot be trusted through peers. Squid up until
very recently added no-cache to peer requests (IIRC), which screws up the
bandwidth savings. So while its safe enough to turn on caching of dynamic
pages it's still a sticky issue if they pass through peers.

http://www.squid-cache.org/Doc/config/hierarchy_stoplist/

Your trace shows Squid-1 is not using the squid-2 as a source, its just
trying to go there DIRECTly. And the source is actively doing a TCP level
reset/denial.

Amos

[squid-users] TCP_MISS/503 and icp

[Sergio Belkin]

Hi,

I have some hosts that use one squid-1 server that has a squid-2 parent:

I mean squid-1 has:

cache_peer parent.domain parent  80803130


But some sites are unaccessible, in special those sites with url having an "?"

for example:

 1242674301.146104 10.128.255.189 TCP_MISS/503 1415 GET
http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html


and browser shows:

Error
The requested URL could not be retrieved

While trying to retrieve the URL http://ar.yahoo.com/?

The following error was encountered:

*Connection to 209.191.93.55

The system returned:

(111) Connectio0n refused


Also, On the squid-1 iptables are doing REDIRECT.

Please could you tell me what's wrong?

Thanks in advance!

-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -

Re: [squid-users] TCP_MISS/503

[Henrik Nordstrom]

On tis, 2008-05-20 at 16:08 -0300, Mauricio Paulo de Sousa wrote:
> my squid, yestarday, started to make it, how you can see it is showing
> TCP_MISS/503""", and not TCP_MISS/200 how is the normal.
> Have any idea, how can i fix it??

What error is shown in the browser?

Note: If using MSIE then you need to disable "friendly error messages"
in the internet settings to see the actual error...  Firefox and most
others is knind enough to actually show the error to the user by
default.

Regards
Henrik




signature.asc
Description: This is a digitally signed message part

[squid-users] TCP_MISS/503

[Mauricio Paulo de Sousa]

Hello all,
my squid, yestarday, started to make it, how you can see it is showing
TCP_MISS/503""", and not TCP_MISS/200 how is the normal.
Have any idea, how can i fix it??

OS version: slackware 11.0
squid version: 2.6.STABLE13

1211309869.395 88 10.0.7.3 TCP_MISS/503 1567 GET
http://www.realmac.com.br/webmail - DIRECT/www.realmac.com.br
text/html
1211309888.669 66 10.0.7.3 TCP_MISS/503 1550 GET
http://www.unoesc.edu.br/ - DIRECT/www.unoesc.edu.br text/html
1211309896.780   5097 10.0.7.3 TCP_MISS/503 1550 GET
http://www.unoesc.edu.br/ - DIRECT/www.unoesc.edu.br text/html



thanks to all.
-- 
Mauricio Paulo de Sousa

RE: [squid-users] TCP_MISS/503 0 CONNECT

[Henrik Nordstrom]

ons 2007-03-07 klockan 07:37 + skrev Mehmet, Levent (Accenture):
> But I have tried this with a directly connected pc t the internet ad it
> works. But this site is only contactable via the software on port 1935
> or 443 or 80 for both TCP protocol and RTMP protocol ?

I could only contact the server on port tcp/1935.

port 80 immediately gave "connection refused".

port 443 never responded at all (looks firewalled), resulting in a
timeout after a long wait..

port 1935 accepted connections, but I don't know for what so I have not
tried to actually use it.. (only opened the TCP connection).

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

RE: [squid-users] TCP_MISS/503 0 CONNECT

[Mehmet, Levent \(Accenture\)]

But I have tried this with a directly connected pc t the internet ad it
works. But this site is only contactable via the software on port 1935
or 443 or 80 for both TCP protocol and RTMP protocol ?

The error appears when the application hangs with an error trying to
connect 

'Error occurred while trying to connect the vitero flash communication
server. The server with the address viteroaudio.emea.europa.eu could not
be connected. Please contact you systems administrator'


-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: 06 March 2007 20:51
To: Mehmet, Levent (Accenture)
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] TCP_MISS/503 0 CONNECT

tis 2007-03-06 klockan 16:54 + skrev Mehmet, Levent (Accenture):
>  
> Please can someone explain what is happening below:
>  
> TCP_MISS/503 0 CONNECT viteroaudio.emea.eurpoa.eu:443 -
> DIRECT/195.144.18.193 -

TCP_MISS/503 means Squid failed to connect to the requested server.


> I am unable to access this site via a application that uses
> viteroaudio.emea.europa.eu using port 1935 or 443 or 80 for both TCP
> protocol and RTMP protocol ?

Same here.. and same results using MSIE on Windows 2000 directly
connected to the Internet without proxy...

So I don't think it's a Squid issue..

Regards
Henrik

This email and any files transmitted with it are confidential. If you are not 
the intended recipient, any reading, printing, storage, disclosure, copying or 
any other action taken in respect of this email is prohibited and may be 
unlawful. 

If you are not the intended recipient, please notify the sender immediately by 
using the reply function and then permanently delete what you have 
received.Incoming and outgoing email messages are routinely monitored for 
compliance with the Department of Healths policy on the use of electronic 
communications. 

For more information on the Department of Healths email policy, click 
http://www.dh.gov.uk/DHTermsAndConditions/fs/en?CONTENT_ID=4110945&chk=x1C3Zw


The original of this email was scanned for viruses by Government Secure 
Intranet (GSi)  virus scanning service supplied exclusively by Cable & Wireless 
in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the 
CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK 
Government quality mark initiative for information security products and 
services.  For more information about this please visit www.cctmark.gov.uk

Re: [squid-users] TCP_MISS/503 0 CONNECT

[Henrik Nordstrom]

tis 2007-03-06 klockan 16:54 + skrev Mehmet, Levent (Accenture):
>  
> Please can someone explain what is happening below:
>  
> TCP_MISS/503 0 CONNECT viteroaudio.emea.eurpoa.eu:443 -
> DIRECT/195.144.18.193 -

TCP_MISS/503 means Squid failed to connect to the requested server.


> I am unable to access this site via a application that uses
> viteroaudio.emea.europa.eu using port 1935 or 443 or 80 for both TCP
> protocol and RTMP protocol ?

Same here.. and same results using MSIE on Windows 2000 directly
connected to the Internet without proxy...

So I don't think it's a Squid issue..

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

[squid-users] TCP_MISS/503 0 CONNECT

[Mehmet, Levent \(Accenture\)]

 
Please can someone explain what is happening below:
 
TCP_MISS/503 0 CONNECT viteroaudio.emea.eurpoa.eu:443 -
DIRECT/195.144.18.193 -
 
I am unable to access this site via a application that uses
viteroaudio.emea.europa.eu using port 1935 or 443 or 80 for both TCP
protocol and RTMP protocol ?
 
I dont get a error message ?
 
Do i need to allow something on squid ?
 
Below is my acl list:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

 
Regards 

Levent Mehmet 
Network Team Lead 
The Accenture MHRA Operate Unit 
Market Towers, 20th Floor 
1 Nine Elms Lane 
London 
SW8 5NQ 
  
E-mail: [EMAIL PROTECTED] 
Phone: +44 20 7084 3517 
Fax:   +44 20 7084 2627 


This email and any files transmitted with it are confidential. If you are not 
the intended recipient, any reading, printing, storage, disclosure, copying or 
any other action taken in respect of this email is prohibited and may be 
unlawful. 

If you are not the intended recipient, please notify the sender immediately by 
using the reply function and then permanently delete what you have 
received.Incoming and outgoing email messages are routinely monitored for 
compliance with the Department of Healths policy on the use of electronic 
communications. 

For more information on the Department of Healths email policy, click 
http://www.dh.gov.uk/DHTermsAndConditions/fs/en?CONTENT_ID=4110945&chk=x1C3Zw


The original of this email was scanned for viruses by Government Secure 
Intranet (GSi)  virus scanning service supplied exclusively by Cable & Wireless 
in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the 
CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK 
Government quality mark initiative for information security products and 
services.  For more information about this please visit www.cctmark.gov.uk

Re: [squid-users] TCP_MISS/503

[Henrik Nordstrom]

fre 2006-07-21 klockan 15:28 +0200 skrev Fabio:
> hi everyone
> I have a BIG problem I can't solve with my squid.
> sometimes (randomly) I have an error in retrieving the URL
> in logs it appears as:
> 1153487449.160   2211 10.91.195.69 TCP_MISS/503 1660 GET
> http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3
>  -
> NONE/- text/html

Anything in cache.log?

What appears in the browser?

Note: if using MSIE then you probably need to disable "Show user
friendly error messages" in the advanced internet settings to stop IE
from replacing the error message with a generic "an error occurred"
message designed by Microsoft to make users less aware of what is going
on...

> from what it's depends?

Can be a wide variety of different things unfortunately.

> where can I find the explanation of the error codes?

The FAQ has a section explaining many.

In this case TCP_MISS indicates it was a cache miss, and /503 indicates
that Squid could not contact the requested server for some reason. The
full details was shown in the error message sent to the client.

Regards
Henrik



signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: [squid-users] TCP_MISS/503

[Visolve Squid]

Fabio wrote:


hi everyone
I have a BIG problem I can't solve with my squid.
sometimes (randomly) I have an error in retrieving the URL
in logs it appears as:
1153487449.160   2211 10.91.195.69 TCP_MISS/503 1660 GET
http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3
 -
NONE/- text/html
1153487449.332  1 10.91.195.69 TCP_MISS/503 1538 GET
http://www.sing365.com/favicon.ico - NONE/- text/html
1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET
http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3
 -
NONE/- text/html



from what it's depends?
where can I find the explanation of the error codes?
regards,


Hello Fabio,

*TCP_MISS* message will come when the requested object is not in the cache.
For more details about squid status codes visit at: 
http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-2914f3a846d41673d4ae34018142e672b8f258ce. 



--
Thanks,
Visolve Squid Team,
http://squid.visolve.com

[squid-users] TCP_MISS/503

[Fabio]

hi everyone
I have a BIG problem I can't solve with my squid.
sometimes (randomly) I have an error in retrieving the URL
in logs it appears as:
1153487449.160   2211 10.91.195.69 TCP_MISS/503 1660 GET
http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3
 -
NONE/- text/html
1153487449.332  1 10.91.195.69 TCP_MISS/503 1538 GET
http://www.sing365.com/favicon.ico - NONE/- text/html
1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET
http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3
 -
NONE/- text/html



from what it's depends?
where can I find the explanation of the error codes?
regards,

fabio

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Andreas Pettersson]

> It is probably a good time to run a "squid -k debug" dump to verify that 
> your Squid is properly identifying the connection as intercepted and 
> resolving the original destination IP.

Ok. One thing I noticed is these three mime_get_header rows that is seen in squid-2.5 
but not in squid-3.0

2004/09/29 12:00:05| mime_get_header: looking for 'Host'
2004/09/29 12:00:05| mime_get_header: checking 'Host: www.squid-cache.org'
2004/09/29 12:00:05| mime_get_header: returning 'www.squid-cache.org'
2004/09/29 12:00:05| parseHttpRequest: Complete request received

Would that mean that squid-3.0 don't see the connection as intercepted on my system?
And if it does, am I out of luck then? ;-)

/Andreas

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Henrik Nordstrom]

On Tue, 28 Sep 2004, Andreas Pettersson wrote:
Is there anything at all in cache.log which may be relevant?
Earlier the following occured, but I'm not sure exactly what configuration I was 
running at the time (I have tested a LOT of different configurations.. I might have 
run some stupid conf..)
2004/09/28 11:36:37| Failed to select source for 'http://www.domain.se/'
2004/09/28 11:36:37|   always_direct = 0
2004/09/28 11:36:37|never_direct = 0
2004/09/28 11:36:37|timedout = 0
This is a new one... never seen that before.
Another thing I have noticed in cache.log was before I recompiled my 
kernel with IPFIREWALL and IPFIREWALL_FORWARD. I loaded ipfw manually 
after boot instead (kldload ipfw) but that wouldn't do it for squid, 
which complained with this:

parseHttpRequest: NAT open failed: (2) No such file or directory
If you see this then transparent interception won't work as Squid won't 
have a clue on how to resolve the intercepted connections correctly.

You can still configure Squid-3 as an accelerator for all domains of the 
whole Internet using the vhost directive, much like Squid-2 worked. The 
main difference is that Squid-3 automatically enables never_direct on 
accelerated requests (but not on transparently intercepted requests) and 
you would need to counter this by using the always_direct directive.

All google hits stated that /dev/nat was missing on my system. But after 
kernel recompilation /dev/nat is still missing. The nat device is called 
/dev/ipnat.
Squid knows both.
However the error message does no longer appear in cache.log. I don't 
know if it has anything to do with my problem, but I think it's worth 
mentioning.
It is probably a good time to run a "squid -k debug" dump to verify that 
your Squid is properly identifying the connection as intercepted and 
resolving the original destination IP.

Regards
Henrik

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Andreas Pettersson]

> Is there anything at all in cache.log which may be relevant?

Earlier the following occured, but I'm not sure exactly what configuration I was 
running at the time (I have tested a LOT of different configurations.. I might have 
run some stupid conf..)

2004/09/28 11:36:37| Failed to select source for 'http://www.domain.se/'
2004/09/28 11:36:37|   always_direct = 0
2004/09/28 11:36:37|never_direct = 0
2004/09/28 11:36:37|timedout = 0

Another thing I have noticed in cache.log was before I recompiled my kernel with 
IPFIREWALL and IPFIREWALL_FORWARD. I loaded ipfw manually after boot instead (kldload 
ipfw) but that wouldn't do it for squid, which complained with this:

parseHttpRequest: NAT open failed: (2) No such file or directory

All google hits stated that /dev/nat was missing on my system. But after kernel 
recompilation /dev/nat is still missing. The nat device is called /dev/ipnat. However 
the error message does no longer appear in cache.log.
I don't know if it has anything to do with my problem, but I think it's worth 
mentioning.

/Andreas

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Henrik Nordstrom]

On Tue, 28 Sep 2004, Andreas Pettersson wrote:
http_port 127.0.0.1:80 transparent
This is not working. "Invalid URL" (NONE/400 1749 GET / - NONE/- text/html)
Is there anything at all in cache.log which may be relevant?
Since the redirection has proven to be working I assume there's something wrong with my squid3, but I just cannot get a grip of what... :-/
It is possible the firewall integration is not working properly on your 
OS. Squid-3 is still under development and a lot of testing remains..

Regards
Henrik

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Andreas Pettersson]

> > it stops working. The browser indicates that it has contact with the web server, 
> > but nothing happens. After some time this may appear in access.log:
> > TCP_MISS/000 0 GET http://idg.se:8090/ - NONE/- -
> 
> If it gets this far the redirection works but something prevents Squid 
> from making the requests out to the Internet.
> 
> Regards
> Henrik

Weird..  Let's step a few steps back and forget all high ports. Ipfw is forwarding all 
http packets to localhost port 80 as described earlier.

Squid-2.5STABLE7-RC1 (Note: NOT compiled with --enable-ipf-transparent)
squid.conf:

http_port 80
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

This is working.

I shutdown Squid-2.5 and start Squid-3 instead (compiled with --enable-ipf-transparent)
squid.conf:

http_port 127.0.0.1:80 transparent

This is not working. "Invalid URL" (NONE/400 1749 GET / - NONE/- text/html)
Since the redirection has proven to be working I assume there's something wrong with 
my squid3, but I just cannot get a grip of what... :-/

Anyway, I'm really appreciating all you help, Henrik.

/Andreas

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Henrik Nordstrom]

On Tue, 28 Sep 2004, Andreas Pettersson wrote:
it stops working. The browser indicates that it has contact with the web server, but 
nothing happens. After some time this may appear in access.log:
TCP_MISS/000 0 GET http://idg.se:8090/ - NONE/- -
If it gets this far the redirection works but something prevents Squid 
from making the requests out to the Internet.

Regards
Henrik

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Andreas Pettersson]

> When running Squid-3 instead the problem is these log entries:
> NONE/400 1749 GET / - NONE/- text/html
> which of course generates "Invalid URL" in the browser.

I forgot to mention, there's no errors in cache.log.

/Andreas

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Andreas Pettersson]

> The error indicates Squid does not realize these connections have been 
> transparently intercepted.
> 
> Make sure you have the correct --enable-- option for integrating Squid 
> with your OS firewall, and no related errors in cache.log.
> 
> Regards
> Henrik

Good point. I had missed that. However it still doesn't work..
I have followed all instructions on http://www.squid-cache.org/Doc/FAQ/FAQ-17.html .
It actually works with Squid 2.5, but only when the hijacked packets are redirected to 
port 80.
If I change http_port 80 to http_port 8090, and httpd_accel_port from 80 to 8090, and 
use this ipfw command:

ipfw add 50 fwd 127.0.0.1 tcp from any to any 80

instead of

ipfw add 50 fwd 127.0.0.1,8090 tcp from any to any 80

it stops working. The browser indicates that it has contact with the web server, but 
nothing happens. After some time this may appear in access.log:
TCP_MISS/000 0 GET http://idg.se:8090/ - NONE/- -

I suspect there's something wrong with the packet forwarding..

When running Squid-3 instead the problem is these log entries:
NONE/400 1749 GET / - NONE/- text/html
which of course generates "Invalid URL" in the browser.

/Andreas

Re: [squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Henrik Nordstrom]

On Sun, 26 Sep 2004, Andreas Pettersson wrote:
squid.conf:
http_port :8093 transparent vhost
Don't use the vhost directive. This is for accelerator mode, not 
transparent proxies.

Regards
Henrik

[squid-users] TCP_MISS/503 with Squid-3 in transparent mode

[Andreas Pettersson]

Hi all.

I thought it was about time to do some heavy testing of Squid-3 (3.0-PRE3-20040830), 
but almost immediately I ran into problems..
I'm using FreeBSD 5.1 as a gateway with 2 NICs and has set up the following ipfw rules:

allow tcp from  to any
allow tcp from  to any
fwd ,8093 tcp from  to any dst-port 80

squid.conf:
http_port :8093 transparent vhost

The same squid config also serves an ordinary proxy service at port 8083, which is 
working perfectly. But when intercepting the web traffic the following shows up in 
access.log:
TCP_MISS/503 2143 GET http://server.com/ - NONE/- text/html

The client is presented an error page saying "Unable to forward this request at this 
time."

Have I missed something essential?
Thanks in advance.

/Andreas

Re: [squid-users] TCP_MISS/503 Errors.

[Emilio Casbas]

Marc Hultquist wrote:
I am very new to squid ! And while yes I have been able to setup a squid proxy 
server, it has been fine up until now. Let me basically explain my setup 
quickly.

Squid Proxy Server(10.240.1.242:8000)
Wireless 2mb connection.
The users will basically authenticate against the squid proxy server against 
the local acl files located in /var/squid, it does not have a problem with 
the authing against the files, but where it seems to fail is that no matter 
what site the users try to go to, it will show them the following message

While trying to retrieve the URL: http://www.genetech.co.za/
The following error was encountered:
   * Connection Failed 
The system returned:
   (111) Connection refused
The remote host or network may be down. Please try the request again. 
Your cache administrator is [EMAIL PROTECTED] 

and in the /var/log/squid/access.log file I see the following.
1086939227.215   5936 10.240.1.208 TCP_MISS/503 1023 GET 
http://www.genetech.co.za/ marc NONE/- -

and no matter _what_ site the users or myself go to it will give the same 
error, and shows the same line in the access.log file. I then try using 
another proxy on the network and everything works 100% ! ? I phoned the 
service provider and well they seem to think their is not a single problem 
with the wireless tower in our area, I do have full signal, but yes I just 
cannot seem to resolve anything ?

ANY help would be appretiated
 

The 503 code indicates that the server is temporarily unable to process the
client's request. A server  overloaded may use this code to let the client
know that it can retry the request later.
What differences do you have between the proxys that works ok
and this proxy?.
Emilio C.

Re: [squid-users] TCP_MISS/503 Errors.

[Muthukumar]

> While trying to retrieve the URL: http://www.genetech.co.za/
> The following error was encountered:
> * Connection Failed
> The system returned:
> (111) Connection refused
> The remote host or network may be down. Please try the request again.
> Your cache administrator is [EMAIL PROTECTED]
>
> and in the /var/log/squid/access.log file I see the following.
>
> 1086939227.215   5936 10.240.1.208 TCP_MISS/503 1023 GET
> http://www.genetech.co.za/ marc NONE/- -
>

The problem may be because of network service. 503 code indicates Service unavailable.
If you get that message ,remote the proxy setting in browser and check again.

If you can access the net then it may be problem on proxy.
Else the problem is with the service.

Regards,
Muthukumar.



---
===  It is a "Virus Free Mail" ===
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004

[squid-users] TCP_MISS/503 Errors.

[Marc Hultquist]

I am very new to squid ! And while yes I have been able to setup a squid proxy 
server, it has been fine up until now. Let me basically explain my setup 
quickly.

Squid Proxy Server(10.240.1.242:8000)
Wireless 2mb connection.

The users will basically authenticate against the squid proxy server against 
the local acl files located in /var/squid, it does not have a problem with 
the authing against the files, but where it seems to fail is that no matter 
what site the users try to go to, it will show them the following message

While trying to retrieve the URL: http://www.genetech.co.za/
The following error was encountered:
* Connection Failed 
The system returned:
(111) Connection refused
The remote host or network may be down. Please try the request again. 
Your cache administrator is [EMAIL PROTECTED] 

and in the /var/log/squid/access.log file I see the following.

1086939227.215   5936 10.240.1.208 TCP_MISS/503 1023 GET 
http://www.genetech.co.za/ marc NONE/- -

and no matter _what_ site the users or myself go to it will give the same 
error, and shows the same line in the access.log file. I then try using 
another proxy on the network and everything works 100% ! ? I phoned the 
service provider and well they seem to think their is not a single problem 
with the wireless tower in our area, I do have full signal, but yes I just 
cannot seem to resolve anything ?

ANY help would be appretiated
-- 
 Marc Hultquist ([EMAIL PROTECTED])
 Computerkit Systems (Pty) Ltd
 http://www.cks.co.za
 (P) +27 11 695 5317
 (F) +27 11 312 1408
 (C) +27 82 563 2861
 Quote: "Chances are that if you do something that required two hands, your 
brain should be notified in advance"
Confidentiality Notice:
The above message and all attachments may contain privileged and confidential 
information intended only for the person or entity to which it is addressed. Any 
review, retransmission, dissemination, copy or other use of, or taking of any action 
in reliance upon this information by persons or entities other than the intended 
recipient is prohibited. If you received this message in error, please notify the 
sender immediately by e-mail, facsimile or telephone and thereafter delete the 
material from your computer. Any views expressed in this message are those of the 
individual sender, except where the sender specifically states them to be the view of 
the entity transmitting the message.  Computerkit Retail Systems (Pty) Ltd hereby 
distances itself from and accepts no liability in respect of the unauthorised use of 
its e-mail facility or the sending of e-mail communications for other than strictly 
business purposes