Hello Henrik, Thanks for the patch. This one works perfectly! Best regards, Martijn Broeders > -----Original Message----- > From: Henrik Nordstrom [mailto:hno@xxxxxxxxxxxxxxx] > Sent: Tuesday, May 31, 2005 4:03 AM > To: Martijn Broeders - HUB Labs > Cc: Squid Users > Subject: RE: [squid-users] squid 2.5 - ipf transparent proxy > - FreeBSD 5.3-p13 > > Updated patch. > > Found more errors int the same code for PF. The updated patch > rearranges > things to be a little softer and consistent on errors. In > most cases it > will work fine regardless (as you noticed with 2.5.STABLE9). > > On Tue, 31 May 2005, Henrik Nordstrom wrote: > > > On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote: > > > >> I did some debugging en testing.... and solved the problem. > >> > >> There seems to be a big difference between STABLE9 and STABLE10 > >> concerning ipnat and the --enable-ipf-transparent make arg. > >> > >> With STABLE10 you have to do a 'chown root:squid /dev/ipnat' > >> and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent > >> proxying (assuming that you start your squid server with the > >> squid user and squid group). > >> > >> With STABLE9 you could leave the /dev/ipnat owned by root:wheel, > >> but with STABLE10 you cannot! > > > > It has always needed access to the nat device... > > > >> The core dump (described in my first mail with this subject) > >> occurs when the rights are not good on the ipnat device. > > > > Right. A return statement has gone missing there. > > > > The attached patch should restore the error handling equal > to 2.5.STABLE9: > > request rejected with error in cache.log. Please try this > patch and report > > back. > > > > note: To trigger this in 2.5.STABLE9 you need to send a > HTTP/1.0 request > > without Host header. > > > > Regards > > Henrik >
