Netgate Discussion Forum

    TCP_MISS/503

      pavlos.g

      Hello everyone,

      We recently switched to using pfSense with Squid as a transparent proxy server.

      We're facing some issues with specific sites (plain HTTP) that return this error:

      The following error was encountered while trying to retrieve the URL: http://<public ip>:8080/
      Connection to <public ip> failed.
      The system returned: (60) Operation timed out
      The remote host or network may be down. Please try the request again.

      Squid's access.log shows a TCP_MISS/503 error.

      I've tried the following settings:

      • Added my IP to "Bypass Proxy for These Source IPs" - not working
      • Added the public IP to "Bypass Proxy for These Destination IPs" - not working
      • "Prefer IPv4 over IPv6" is checked

      Any ideas on how to make this work?

      Thanks in advance,
      Pavlos

        KOM

        First you need to figure out what the actual problem is before you can fix it. What does your squid realtime log say at the moment that this error happens?

          pavlos.g @KOM

          @kom As already stated, realtime monitor shows the TCP_MISS/503 error status.

            KOM

            I saw that but I was hoping there was more. A MISS is very common. I assume it works fine when not going through squid? You may have to modify your Integrations to add debug options to get more log detail.

            http://www.squid-cache.org/Doc/config/debug_options/

              vallum @pavlos.g

              @pavlos-g
              Is there an HTTP to HTTPS redirect?

              Manu

                pavlos.g @vallum

                @rootvallum No, it's plain http with no redirection to https.

                  pavlos.g

                  @kom Actually the MISS part seems to be OK, because AFAIK it means that the content requested is just not cached.
                  The real problem is the 503 part.

                    KOM

                    The 503 is the MISS and it's not an error. It has nothing to do with your problem.

                      onyxfire @KOM

                      @kom ummm no. The 503 is NOT anything to do with squid itself. Squid reports a "tag" to tell you something about the action or result of a request from its end (i.e. TCP_MISS or TCP_TUNNEL or TCP_NONE) and also the HTTP error code (in this case 503). That is a standard HTTP code that means "Service Unavailable" which means the site that it tried to load did not work (for whatever reason).

                      @pavlos-g I would suggest testing without the proxy (mobile device or something not going through your firewall) and confirm the site is not down.

                      1 Reply Last reply Reply Quote 0
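
An added example, not part of any post in this thread: a small Python parser for Squid's native access.log layout that separates the result tag from the HTTP status, the two parts of `TCP_MISS/503` discussed above, and groups 5xx responses by the upstream address Squid used. The function names are hypothetical and the log lines are constructed samples using documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (not from the thread):
# time elapsed_ms client tag/status bytes method URL user hierarchy/peer content-type
SAMPLE_LOG = """\
1700000000.101    142 192.168.1.50 TCP_MISS/200 5120 GET http://example.org/ - ORIGINAL_DST/198.51.100.7 text/html
1700000060.202  60011 192.168.1.50 TCP_MISS/503 4012 GET http://203.0.113.10:8080/ - ORIGINAL_DST/203.0.113.10 text/html
1700000075.303     12 192.168.1.51 TCP_HIT/200 880 GET http://example.org/logo.png - HIER_NONE/- image/png
1700000140.404  60009 192.168.1.50 TCP_MISS/503 4012 GET http://203.0.113.10:8080/app - ORIGINAL_DST/203.0.113.10 text/html
1700000150.505    310 192.168.1.52 TCP_TUNNEL/200 7421 CONNECT example.net:443 - HIER_DIRECT/198.51.100.9 -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<tag>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)


def parse_line(line):
    """Return one log line as a dict, or None if it is not in the native layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["elapsed_ms"] = int(rec["elapsed_ms"])
    rec["status"] = int(rec["status"])
    return rec


def failures_by_peer(log_text, min_status=500):
    """Group responses with status >= min_status by the upstream address Squid used."""
    summary = defaultdict(
        lambda: {"count": 0, "tags": set(), "clients": set(), "max_elapsed_ms": 0}
    )
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] < min_status:
            continue
        entry = summary[rec["peer"]]
        entry["count"] += 1
        entry["tags"].add(rec["tag"])  # result tag: how Squid handled the request
        entry["clients"].add(rec["client"])
        entry["max_elapsed_ms"] = max(entry["max_elapsed_ms"], rec["elapsed_ms"])
    return dict(summary)


if __name__ == "__main__":
    for peer, info in failures_by_peer(SAMPLE_LOG).items():
        print(peer, info["count"], sorted(info["tags"]), info["max_elapsed_ms"], "ms")
```
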
                        onyxfire @pavlos.g

                        @pavlos-g Also, there is a setting in Squid on the general tab that says "Resolve DNS IPv4 First" that can help with some issues, especially if you are blocking IPv6. Without more detail into your configuration and the specific site in question, maybe you could check that setting as well. This is all also assuming the site is working on a device that is not going through the proxy.

                          pavlos.g @onyxfire

                          @onyxfire It's already set, didn't help either. Thanks for the tip though ;)

                            vallum @pavlos.g

                            @pavlos-g said in TCP_MISS/503:

                            @rootvallum No, it's plain http with no redirection to https.

                            By any chance, is the destination web server on Microsoft IIS?

                            Manu

                              pavlos.g @vallum

                              @rootvallum Nope, the response I got is Apache-Coyote/1.1

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.