Re: firewall but pinging the destination host?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 20 Jun 1998 00:12:30 +0200

Heiko Schlittermann wrote:
> running 1.1.21 I got a very poor performance
> since it seems as if the squid tries to
> ping the destination first and then uses
...
> Any hints?

You have probably enabled source_ping in squid.conf. Turn it off.

There should be a big WARNING next to the source_ping option. It is
generally speaking a bad idea to enable it. Many site network
administrators get really upset by it (it's unexpected traffic, which
gets caught in various montitors watching for possible network attacks)
and it generates extra network traffic in both directions.

What you experience is a paranoid network administrator that has blocked
ICMP ECHO or UDP port 7 in their router since they don't want this kind
of traffic from the Internet by valid security reasons.

There is not much effort spent on the ICMP or ICP source pings at this
time, and it will probably be replaced by other options/methods for
request routing later on.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Fri Jun 19 1998 - 17:23:51 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:45 MST