Leslie Jensen wrote:
I'm running Squid-3.0.10 on FreeBSD 7.0-RELEASE-p4 with PF.
I've noticed that in cache.log are a lot of entries as the one below
clientNatLookup: PF open failed: (13) Permission denied
I've found some information on the problem via Google.
One is "start Squid as root". Squid is started via rc.conf so I think
that is sorted.
There is a concern about rights on /dev/pf
Finally there's some advice
---- snip----
If you are performing any kind of transparent interception with squid
you will need one of the --*-transparent options. Without it squid will
fail to correctly spoof the clients IP.
----- snip ----
I do not fully understand where the "--*-transparent options" are to
be found. And if it's the solution to the problem.
Will someone Please enlighten me?
First, I don't know if it is the solution to the problem, but it's an
easy thing to check...
Run "/path/to/squid -v". That will show what options squid was compiled
with. For example:
-bash-3.00$ /home/squid2/bin/squid -v
Squid Cache: Version 2.6.STABLE3
configure options: '--bindir=/home/squid2/bin'
'--sbindir=/home/squid2/bin' '--libexecdir=/home/squid2/bin'
'--datadir=/home/squid2/etc' '--sysconfdir=/etc/squid'
'--localstatedir=/home/squid2' '--mandir=/usr/man'
'--enable-err-languages=English' '--enable-snmp' '--with-large-files'
'--disable-ident-lookups' '--disable-useragent-log'
'--disable-referer-log' '--enable-async-io' '--enable-epoll'
-bash-3.00$
If you don't see --enable-pf-transparent in that list, you are going to
need to recompile.
Thank you
/Leslie
Chris
