Hi,
I have a server running Red Hat Advanced Server 2.1 that is a proxy for our
local LAN (some 50 desktops).
It's running Squid for HTTP and FTP proxying and it works fine.
However, every now and then, I see blocked packets in the firewall log that
should have been let through because they were part of an existing
connection.
The firewall is configured to permit all connections in the RELATED and
ESTABLISHED states.
Example:
desktop client ---> http request ----> SQUID PROXY ------> actual web
site -----> http response -----> SQUID PROXY ----> desktop client
Sometimes I see this in my iptables log:
Jul 1 12:43:46 dobermann kernel: -drop_the_rest-IN= OUT=eth1 SRC=172.21.3.1
DST=172.21.3.199 LEN=1092 TOS=0x00 PREC=0x00 TTL=64 ID=4352 PROTO=TCP
SPT=3128 DPT=1588 WINDOW=16501 RES=0x00 ACK PSH FIN URGP=0
To me this looks like the proxy (listening on port 3128) received the HTTP
data from the web site and tried to pass it on to the client who requested
it. The only reason I can think of that would cause it to be dropped
is that the connection table didn't list this connection as active anymore
and didn't consider it to be either 'RELATED' or 'ESTABLISHED' traffic.
cat /proc/net/ip_conntrack | wc -l reports 173, which I assume is the number
of connections currently open. It doesn't look too high to me?
Any useful insights?
Thanks,
Tom.
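The triage the post does by hand (reading the SPT, DPT and flag tokens of a dropped packet and asking whether it is the tail end of a proxy reply that conntrack no longer tracks) can be scripted. The following is an added example, not code from the poster or from the Squid or iptables projects. It parses iptables LOG lines of the form shown above into their KEY=VALUE fields and bare TCP flag tokens, then sorts drops into a few buckets so that packets sent from the proxy's own listening port with FIN or RST set stand out from unrelated drops. PROXY_PORT, the function names and all log lines except the first (which is the one quoted in the post) are assumptions or constructed samples.

```python
"""Parse iptables LOG lines and bucket dropped packets for triage.

Added example (not the poster's code). The first sample line is the one
quoted in the post; the remaining lines are constructed. PROXY_PORT and the
verdict names are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

PROXY_PORT = 3128  # assumption: Squid's default listening port, as in the post
TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG"}

# "Jul 1 12:43:46 dobermann kernel: -drop_the_rest-IN= OUT=eth1 SRC=..."
# The log prefix (here "-drop_the_rest-") is glued to the first field "IN=",
# so we take everything non-blank up to "IN=" as the prefix.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>\S*?)(?=IN=)(?P<rest>.*)$"
)


@dataclass
class LogEntry:
    timestamp: str
    host: str
    prefix: str
    fields: Dict[str, str] = field(default_factory=dict)  # KEY=VALUE tokens
    flags: Set[str] = field(default_factory=set)          # bare TCP flag tokens


def parse_log_line(line: str) -> Optional[LogEntry]:
    """Return a LogEntry for an iptables LOG line, or None if it is not one."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = LogEntry(m["ts"], m["host"], m["prefix"])
    for tok in m["rest"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            entry.fields[key] = value
        elif tok in TCP_FLAGS:
            entry.flags.add(tok)
        # other bare tokens (e.g. DF) are ignored for this triage
    return entry


def classify(entry: LogEntry) -> str:
    """Bucket a dropped packet.

    'late-proxy-reply': TCP, sent from the proxy's listening port, FIN or RST
        set: the closing end of a reply the connection table no longer holds,
        which is the pattern in the post.
    'proxy-reply': from the proxy port without FIN/RST; a drop of mid-stream
        data is more surprising and worth a closer look.
    'other': everything else (unsolicited inbound traffic, non-TCP, ...).
    """
    f = entry.fields
    if f.get("PROTO") != "TCP":
        return "other"
    if f.get("SPT") == str(PROXY_PORT):
        if entry.flags & {"FIN", "RST"}:
            return "late-proxy-reply"
        return "proxy-reply"
    return "other"


def triage(lines: Iterable[str]) -> Dict[str, int]:
    """Count dropped packets per verdict, skipping lines that do not parse."""
    counts: Dict[str, int] = {}
    for line in lines:
        entry = parse_log_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample input: line 1 is the packet quoted in the post, the rest
# are made up to exercise the other buckets (addresses are documentation ranges).
SAMPLE_LINES = [
    "Jul 1 12:43:46 dobermann kernel: -drop_the_rest-IN= OUT=eth1 SRC=172.21.3.1 "
    "DST=172.21.3.199 LEN=1092 TOS=0x00 PREC=0x00 TTL=64 ID=4352 PROTO=TCP "
    "SPT=3128 DPT=1588 WINDOW=16501 RES=0x00 ACK PSH FIN URGP=0",
    "Jul 1 12:44:02 dobermann kernel: -drop_the_rest-IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 "
    "DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP "
    "SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jul 1 12:45:10 dobermann kernel: -drop_the_rest-IN= OUT=eth1 SRC=172.21.3.1 "
    "DST=172.21.3.42 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=99 DF PROTO=TCP "
    "SPT=3128 DPT=2200 WINDOW=16501 RES=0x00 ACK PSH URGP=0",
    "Jul 1 12:46:00 dobermann kernel: -drop_the_rest-IN=eth0 OUT= SRC=198.51.100.9 "
    "DST=203.0.113.5 LEN=76 TOS=0x00 PREC=0x00 TTL=50 ID=7 PROTO=UDP "
    "SPT=53 DPT=1025 LEN=56",
    "Jul 1 12:46:01 dobermann kernel: unrelated kernel message",
]

if __name__ == "__main__":
    for verdict, n in sorted(triage(SAMPLE_LINES).items()):
        print(f"{verdict}: {n}")
```

Running the block against /var/log/messages (or wherever the kernel log lands) instead of SAMPLE_LINES shows at a glance whether the drops cluster in the late-proxy-reply bucket, which is what the post's single example suggests, or whether mid-stream proxy data is also being dropped, which would point at something other than connection-table ageing.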