Chris Robertson wrote:
Leslie Jensen wrote:
I'm running Squid-3.0.10 on FreeBSD 7.0-RELEASE-p4 with PF.
I've noticed that in cache.log are a lot of entries as the one below
clientNatLookup: PF open failed: (13) Permission denied
I've found some information on the problem via Google.
One is "start Squid as root". Squid is started via rc.conf so I think
that is sorted.
There is a concern about rights on /dev/pf
Finally there's some advice
---- snip----
If you are performing any kind of transparent interception with squid
you will need one of the --*-transparent options. Without it squid will
fail to correctly spoof the clients IP.
----- snip ----
I do not fully understand where the "--*-transparent options" are to
be found. And if it's the solution to the problem.
Will someone Please enlighten me?
First, I don't know if it is the solution to the problem, but it's an
easy thing to check...
Run "/path/to/squid -v". That will show what options squid was compiled
with. For example:
-bash-3.00$ /home/squid2/bin/squid -v
Squid Cache: Version 2.6.STABLE3
configure options: '--bindir=/home/squid2/bin'
'--sbindir=/home/squid2/bin' '--libexecdir=/home/squid2/bin'
'--datadir=/home/squid2/etc' '--sysconfdir=/etc/squid'
'--localstatedir=/home/squid2' '--mandir=/usr/man'
'--enable-err-languages=English' '--enable-snmp' '--with-large-files'
'--disable-ident-lookups' '--disable-useragent-log'
'--disable-referer-log' '--enable-async-io' '--enable-epoll'
-bash-3.00$
If you don't see --enable-pf-transparent in that list, you are going to
need to recompile.
I believe the option is present. The line "PF open failed" should never
occur without it.
The rc.conf may not necessarily be correct. Bug 2396 bout PF
permissions, has only been fixed since 3.0.STABLE8.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
