I did run in debug mode and when the request is done I can see

2016/03/03 18:43:13.784 kid1| Address.cc(378) lookupHostIP: Given Non-IP ' requested.URL.com': Name or service not known

I am using 8.8.8.8 in resolv.conf "public hostname not internal" and I can ping the URL that should be instead of requested.URL.com just fine from the command line. I can also visit that URL in a browser when using the transparent proxy in HTTP mode.

On Fri, Mar 4, 2016 at 12:57 AM, Ali Jawad <alijaw...@gmail.com> wrote:

> Hi
> I am using Squid
>
> [root@kgoDcyTx9 squid]# /squid/sbin/squid -v
>
> Squid Cache: Version 3.4.9
>
> configure options: '--prefix=/squid' '--includedir=/squid/usr/include'
> '--enable-ssl-crtd' '--datadir=/squid/usr/share' '--bindir=/squid/usr/sbin'
> '--libexecdir=/squid/usr/lib/squid' '--localstatedir=/squid/var'
> '--sysconfdir=/squid/etc/squid' '--enable-arp-acl'
> '--enable-follow-x-forwarded-for' '--enable-auth'
> '--enable-auth-basic=DB,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
> '--enable-auth-ntlm=smb_lm,fake'
> '--enable-auth-digest=file,LDAP,eDirectory'
> '--enable-auth-negotiate=kerberos'
> '--enable-external-acl-helpers=file_userip,LDAP_group,session,unix_group,wbinfo_group'
> '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
> '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
> '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log'
> '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
> '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log'
> '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid'
> '--with-filedescriptors=64000' '--with-dl' '--with-openssl'
> '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu'
> 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
> 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
> 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> '--enable-ltdl-convenience' '--disable-ipv6'
>
> Config Options
>
> https_port 3129 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/squid/etc/squid/ssl_cert/myca.pem
> key=/squid/etc/squid/ssl_cert/myca.pem
>
> #always_direct allow all
>
> ssl_bump server-first all
>
> sslproxy_cert_error allow all
>
> sslproxy_flags DONT_VERIFY_PEER
>
> #sslproxy_cert_error deny all
>
> #sslproxy_flags DONT_VERIFY_PEER
>
> sslcrtd_program /squid/usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
>
> sslcrtd_children 8 startup=1 idle=1
>
> Iptables Rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 443 --destination
> 162.220.xx.xx -j REDIRECT --to-ports 3129
>
> The problem:
>
> There are no certificate errors in the cache log and the access log appears to
> log the requested URL. The problem is that Squid shows the error below;
> from the looks of it Squid is trying to send the request to itself on its
> own IP. My assumption is that Squid is not able to detect the proper
> destination during bump "through a config fault of my own" or a missing
> step. Please advise:
>
> The following error was encountered while trying to retrieve the URL:
> ://162.220.xx.xx:443
> <https://ipv6_1.lagg0.c052.lhr004.ix.nflxvideo.net/://162.220.244.7:443>
>
> *Connection to 162.220.244.7 failed.*
>
> The system returned: *(111) Connection refused*
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users