Windows Client - 10.0.0.23 MAC (9d:3a:96)

root@ISN-PHC-CACHE:/home/support # arp -a
(10.0.0.9) at 00:00:0c:07:ac:01 on bge0     THIS IS THE PHYSICAL INTERFACE ON THE ROUTER
(10.0.0.10) at 88:5a:92:63:77:81 on bge0    THIS IS THE GATEWAY IP ON THE DESKTOP AND SQUID SERVER
(10.0.0.24) at a0:d3:c1:06:a5:c4 on bge0    THIS IS THE SQUID SERVER

User was trying to access www.espn.com. Frames 8 and 9 are where I get my access denied.

No.     Time        Source           Destination      Protocol Length Info
      7 0.508041    68.71.212.158    10.0.0.23        TCP      3902   80→42794 [PSH, ACK] Seq=412 Ack=401 Win=65664 Len=1460

Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 6, 2015 09:41:41.453922000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453922000 seconds
    [Time delta from previous captured frame: 0.000118000 seconds]
    [Time delta from previous displayed frame: 0.000118000 seconds]
    [Time since reference or first frame: 0.508041000 seconds]
    Frame Number: 7
    Frame Length: 3902 bytes (31216 bits)
    Capture Length: 1500 bytes (12000 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 1500
    Identification: 0x2222 (8738)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 412, Ack: 401, Len: 1460

No.     Time        Source           Destination      Protocol Length Info
      8 0.508073    68.71.212.158    10.0.0.23        TCP      170    [TCP Previous segment not captured] [TCP segment of a reassembled PDU]

Frame 8: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 6, 2015 09:41:41.453954000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453954000 seconds
    [Time delta from previous captured frame: 0.000032000 seconds]
    [Time delta from previous displayed frame: 0.000032000 seconds]
    [Time since reference or first frame: 0.508073000 seconds]
    Frame Number: 8
    Frame Length: 170 bytes (1360 bits)
    Capture Length: 170 bytes (1360 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 156
    Identification: 0x2223 (8739)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 4260, Ack: 401, Len: 116

No.     Time        Source           Destination      Protocol Length Info
      9 0.508835    10.0.0.23        68.71.212.158    TCP      60     [TCP ACKed unseen segment] 42794→80 [ACK] Seq=401 Ack=3332 Win=65536 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 6, 2015 09:41:41.454716000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.454716000 seconds
    [Time delta from previous captured frame: 0.000762000 seconds]
    [Time delta from previous displayed frame: 0.000762000 seconds]
    [Time since reference or first frame: 0.508835000 seconds]
    Frame Number: 9
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x572a (22314)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a9 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 401, Ack: 3332, Len: 0

On Fri, Mar 6, 2015 at 8:57 AM, Antony Stone <antony.st...@squid.open.source.it> wrote:

> On Friday 06 March 2015 at 14:50:50 (EU time), Monah Baki wrote:
>
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
> >
> > So something else is missing?
>
> Can you run a packet sniffer on the proxy, to see what packets come in
> (noting the MAC address of the previous hop), what packets go out (to what
> address/es), and whether they then seem to come back in again (and if so,
> from which MAC address)?
>
> That might give you a clue as to where the forwarding loop is being
> created.
>
>
> Regards,
>
>
> Antony.
>
> --
> How I want a drink, alcoholic of course, after the heavy chapters involving
> quantum mechanics.
>
>  - mnemonic for 3.14159265358979
>
> Please reply to the list;
> please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
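
The MAC bookkeeping suggested in the quoted reply, as an added example that is not part of the original message or of Squid: it labels each frame by previous hop and next hop, then reports any flow the proxy transmitted and later received again. The MAC addresses and frames 7-9 come from the post; the three "loop" frames, Squid fetching from its own address 10.0.0.24 and the port 50000 are constructed assumptions.

```python
# Added example: MAC/flow bookkeeping for a capture taken on the proxy.
SQUID = "a0:d3:c1:06:a5:c4"    # 10.0.0.24, from the arp -a output
GATEWAY = "88:5a:92:63:77:81"  # 10.0.0.10, from the arp -a output
CLIENT = "20:89:84:9d:3a:96"   # 10.0.0.23, from the frame headers
ROLES = {SQUID: "squid", GATEWAY: "gateway", CLIENT: "client"}

# (frame no, src MAC, dst MAC, src ip:port, dst ip:port) as shown in the post.
# Frames 7 and 8 carry the origin server's IP but Squid's MAC.
POST_FRAMES = [
    (7, SQUID, CLIENT, "68.71.212.158:80", "10.0.0.23:42794"),
    (8, SQUID, CLIENT, "68.71.212.158:80", "10.0.0.23:42794"),
    (9, GATEWAY, SQUID, "10.0.0.23:42794", "68.71.212.158:80"),
]

# Constructed frames (NOT from the post): Squid's own fetch, assumed to use
# source 10.0.0.24:50000, leaves for the gateway and is handed straight back.
CONSTRUCTED_LOOP = [
    (1, GATEWAY, SQUID, "10.0.0.23:42794", "68.71.212.158:80"),
    (2, SQUID, GATEWAY, "10.0.0.24:50000", "68.71.212.158:80"),
    (3, GATEWAY, SQUID, "10.0.0.24:50000", "68.71.212.158:80"),
]


def hop_path(frame):
    """Describe one frame as 'previous hop -> next hop' using MAC roles."""
    _, src_mac, dst_mac, _, _ = frame
    return f"{ROLES.get(src_mac, src_mac)} -> {ROLES.get(dst_mac, dst_mac)}"


def find_looped_flows(frames, proxy_mac=SQUID):
    """Return (flow, sent_frame, returned_frame, returning_hop) for every
    flow the proxy transmitted and then received again in the same direction."""
    sent = {}    # flow -> first frame number in which the proxy sent it
    looped = []
    for no, src_mac, dst_mac, src, dst in frames:
        flow = (src, dst)
        if src_mac == proxy_mac:
            sent.setdefault(flow, no)
        elif dst_mac == proxy_mac and flow in sent:
            looped.append((flow, sent[flow], no, ROLES.get(src_mac, src_mac)))
    return looped


if __name__ == "__main__":
    for frame in POST_FRAMES + CONSTRUCTED_LOOP:
        print(frame[0], hop_path(frame), frame[3], "->", frame[4])
    print("looped flows:", find_looped_flows(CONSTRUCTED_LOOP))
```

The three frames quoted in the post yield no looped flow on their own, since frames 7-8 and frame 9 run in opposite directions; a longer capture is needed before the check can say anything about the loop.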