
Re: clientNatLookup: PF open failed: (13) Permission denied

Amos Jeffries wrote:
Chris Robertson wrote:
Leslie Jensen wrote:
I'm running Squid-3.0.10 on FreeBSD 7.0-RELEASE-p4 with PF.

I've noticed that in cache.log there are a lot of entries like the one below

clientNatLookup: PF open failed: (13) Permission denied

I've found some information on the problem via Google.

One is "start Squid as root". Squid is started via rc.conf so I think that is sorted.

There is a concern about rights on /dev/pf

Finally there's some advice

---- snip----
If you are performing any kind of transparent interception with squid
you will need one of the --*-transparent options. Without it squid will
fail to correctly spoof the clients IP.
----- snip ----

I do not fully understand where the "--*-transparent options" are to be found, or whether that is the solution to the problem.

Will someone please enlighten me?

First, I don't know if it is the solution to the problem, but it's an easy thing to check...

Run "/path/to/squid -v". That will show what options squid was compiled with. For example:

-bash-3.00$ /home/squid2/bin/squid -v
Squid Cache: Version 2.6.STABLE3
configure options: '--bindir=/home/squid2/bin' '--sbindir=/home/squid2/bin' '--libexecdir=/home/squid2/bin' '--datadir=/home/squid2/etc' '--sysconfdir=/etc/squid' '--localstatedir=/home/squid2' '--mandir=/usr/man' '--enable-err-languages=English' '--enable-snmp' '--with-large-files' '--disable-ident-lookups' '--disable-useragent-log' '--disable-referer-log' '--enable-async-io' '--enable-epoll'
-bash-3.00$

If you don't see --enable-pf-transparent in that list, you are going to need to recompile.


I believe the option is present. The line "PF open failed" should never occur without it.

The rc.conf may not necessarily be correct. Bug 2396, about PF permissions, has only been fixed since 3.0.STABLE8.

Amos

Yes, it's there! Squid is working from what I can see but the error messages are of concern to me. Mine is Squid Cache: Version 3.0.STABLE10
/Leslie

-------------- snip ---------------

:/usr/local/sbin/squid -v
Squid Cache: Version 3.0.STABLE10
configure options: '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB squid_radius_auth YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=SMB' '--enable-storeio=ufs diskd null' '--enable-delay-pools' '--disable-ident-lookups' '--enable-ipfw-transparent' '--enable-pf-transparent' '--enable-kqueue' '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish Ukrainian-1251 Ukrainian-koi8-u Ukrainian-utf8' '--enable-default-err-language=templates' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.0' 'build_alias=i386-portbld-freebsd7.0' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'

-------------- snip ---------------
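
The `squid -v` check suggested in the thread, together with a count of the logged error and a look at the PF device node, as an added example that is not part of the original messages. The function names, the shortened `squid -v` text and the cache.log lines (including their timestamp format) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

PF_ERR='clientNatLookup: PF open failed: (13) Permission denied'

# Succeeds only if the "configure options:" line on stdin holds exactly 'OPTION'.
# Real use:  /usr/local/sbin/squid -v | has_configure_option --enable-pf-transparent
has_configure_option() {
    grep '^configure options:' | tr ' ' '\n' | grep -Fqx -- "'$1'"
}

# Prints how many lines on stdin carry the PF permission error (0 if none).
# Real use:  count_pf_errors < /path/to/cache.log
count_pf_errors() {
    grep -cF -- "$PF_ERR" || true
}

# Prints owner and mode of the PF device so they can be compared with the
# user Squid runs as (--with-default-user), or notes that the node is absent.
pf_device_status() {
    dev=${1:-/dev/pf}
    if [ -e "$dev" ]; then ls -l "$dev"; else echo "missing: $dev"; fi
}

sample_squid_v() {   # constructed, shortened `squid -v` output
cat <<'EOF'
Squid Cache: Version 3.0.STABLE10
configure options: '--with-default-user=squid' '--enable-removal-policies=lru heap' '--enable-ipfw-transparent' '--enable-pf-transparent' '--enable-kqueue'
EOF
}

sample_cache_log() { # constructed cache.log lines
cat <<'EOF'
2008/12/10 09:15:01| clientNatLookup: PF open failed: (13) Permission denied
2008/12/10 09:15:02| Starting Squid Cache version 3.0.STABLE10
2008/12/10 09:15:07| clientNatLookup: PF open failed: (13) Permission denied
EOF
}

if sample_squid_v | has_configure_option --enable-pf-transparent; then
    echo "pf-transparent: compiled in"
else
    echo "pf-transparent: not compiled in, recompile needed"
fi
echo "PF open failures logged: $(sample_cache_log | count_pf_errors)"
echo "device: $(pf_device_status)"
```
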


