On Wed, 10 Mar 2010 21:12:04 +1300, Amos Jeffries <squid3_at_treenet.co.nz>
wrote:
> Jan Houtsma wrote:
>> Op 10-3-2010 1:44, Amos Jeffries schreef:
>>> On Tue, 09 Mar 2010 21:42:42 +0100, Jan Houtsma <list_at_houtsma.net>
>>> wrote:
>>>
>>>> Op 9-3-2010 21:37, Henrik Nordström schreef:
>>>>
>>>>> tis 2010-03-09 klockan 19:49 +0100 skrev Jan Houtsma:
>>>>>
>>>>>
>>>>>
>>>>>> Yes. The wget was from the squid server itself where using the
proxy
>>>>>>
>>> it
>>>
>>>>>> fails, and using direct internet connection it works.
>>>>>>
>>>>>>
>>>>> What does access.log say when it fails? Do the reported server
address
>>>>> match what you expect it to be for the requested host?
>>>>>
>>>>>
>>>> 1268167273.909 250 192.168.1.16 TCP_MISS/503 4234 GET
>>>> http://www.google.com/ - DIRECT/www.google.com text/html
>>>>
>>>>
>>>>>
>>>>>
>>>>>> So when squid is forwarding the http-GET request it fails. But when
>>>>>>
>>> wget
>>>
>>>>>> itself sends the http-GET request it works.
>>>>>>
>>>>>>
>>>>> Perhaps time to fire up wireshark to look at the traffic..
>>>>>
>>>>> The error message received is very low level.. squid could not even
>>>>>
>>> open
>>>
>>>>> the TCP connection to the server.
>>>>>
>>>>> Regards
>>>>> Henrik
>>>>>
>>>>>
>>>> Yea, will do that
>>>>
>>> That log trace you showed had Squid attempting and failing to connect
to
>>> IPv6-google.
>>> I would suspect a v6 routing failure here. Squid-3.1 has known bugs
with
>>> failover to IPv4 if IPv6 fails on a mixed-IP domain.
>>> Does the wget direct test you made from the Squid box use google IPv6
>>> addresses for its succeeding connection?
>>>
>>> Amos
>>>
>>
>> Hi,
>>
>> I agree! Then how can i prevent this? I also noticed mixed AAAA and A
>> records coming back from the resolver in the tcpdump traces. Is quid
>> confused? But i don't know if that could be the reason that squid fails
>> and succeeds when i press ^R within a few seconds after the first
>> failure..... If that is IP-v6 related what should i do? I guess i am
not
>> the only person in the world that is using squid v3.1 on a fedora box.
I
>> think it's strange that only i seem to have this symptom? It also only
>> started recently. Can it be that google made changed in DNS or that
>> squid was updated via yum? I do see squid was updated on both march 28
>> and on march 5 on my box.
>>
>> Nov 25 20:39:57 Updated: 7:squid-3.0.STABLE10-1.fc10.x86_64
>> Dec 22 22:03:18 Updated: 7:squid-3.0.STABLE10-3.fc10.x86_64
>> Feb 28 16:19:57 Updated: 7:squid-3.1.0.16-6.fc12.x86_64
>> <----- Google problem started to happen here???
>> Mar 05 14:38:11 Updated: 7:squid-3.1.0.17-3.fc12.x86_64
>>
>> It could well be that it started on feb 28 when squid was bumped up to
>> version 3.1??
>>
>
> Most likely. 3.1 adds IPv6 support where 3.0 would not even try to use
> it. Henrik is the one who would know if the "-3" patched package fixes
> the related issues from 3.1.0.16.
>
> I more suspect some blockage somewhere in the network, however. Squid is
> getting "cannot connect", which indicates something like a firewall or
> tunnel PMTU issue between Squid and google.
>
> The squid internal issues I know of tend to show up as "cannot assign
> address", or "family not supported", or trying to contact a mangled
> v4-mapped address.
>
> FWIW: We are happily receiving Google IPv6 here with the code about to
> be released as 3.1.0.18. Available in daily snapshots now.
>
> Amos
Blockage in the network for sure not. When i do exactly the same from the
exact same server with wget it works and i can load google without any
problems. However when i redirect wget via squid (*on the same box*) it
doesn't work (until i execute it again within a few seconds). When i wait
(say 30 seconds) it will fail again (via squid).
Also it works for any other website. It's only google that gives me these
troubles via squid. Very strange! So maybe a ipv6 issue after all because
squid received AAAA and A records from google and misbehaves by saying it
can't connect (of course it can't because i have no ipv6 routes or tunnels
set up)?
Needless to say that nothing changed on my server, except for the new
squid release as indicated above)....
Thanks for any help i can get.
--
jan
Received on Wed Mar 10 2010 - 15:57:08 MST
This archive was generated by hypermail 2.2.0 : Wed Mar 10 2010 - 12:00:03 MST