On 11/04/11 16:31, Indunil Jayasooriya wrote:
Hi reyk,
many thanks for the reply.
- revert /dev/pf to the old 0600 permissions
reverted. Now it is set to default. pls see below.
# ls -al /dev/pf
crw------- 1 root wheel 73, 0 Apr 1 19:30 /dev/pf
- recompile squid _without_ --enable-pf-transparent (disable it)
recompiled without --enable-pf-transparent
pls see squid configuration option ( Now, no --enable-pf-transparent option)
# squid -v
Squid Cache: Version 3.2.0.6
configure options: '--datadir=/usr/local/share/squid'
'--enable-arp-acl' '--enable-basic-auth-helpers=NCSA'
'--enable-digest-auth-helpers=password' '--enable-delay-pools'
'--enable-external-acl-helpers=ip_user' '--enable-forw-via-db'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-removal-policies=lru' '--enable-ssl' '--enable-storeio=aufs'
'--with-pthreads' '--localstatedir=/var/squid' '--prefix=/usr/local'
'--sysconfdir=/etc/squid' '--mandir=/usr/local/man'
'--infodir=/usr/local/info' --enable-ltdl-convenience
- update your pf.conf to use divert-to instead of rdr-to
updated. Pls see below.
pass in log on $int_if proto tcp from $lan_net to any port 80 \
divert-to 127.0.0.1 port 3129
but, still no luck. any comments?
3.2 will not mark the traffic and do any of the special transparent
traffic handling unless one of the NAT lookup functions returns true.
Just relying on the default getsockname() is not sufficient to mark the
traffic for special handling.
Fortunately the "ipfw" NAT lookup does what the new PF version
apparently needs. The --enable-ipfw-transparent should work as a
temporary measure.
I would like to fix this so --enable-pf-transparent properly detects and
handles the version of PF available. Are you able to find out how I
could do that please?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.6
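
The getsockname() point in the reply above, as an added example that is not part of the original message and is not Squid code: pf's divert-to leaves the packet unmodified, so getsockname(2) on the accepted socket returns the original destination, and a lookup can report interception by comparing that with the listening address. The function names, the IPv4-only handling and a listener bound exactly to the divert-to target are assumptions.

```c
/* Added example, not Squid source. Assumes IPv4 and a listener bound to the
 * exact divert-to target (127.0.0.1 port 3129 in the rule above). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the two IPv4 endpoints differ in address or port, else 0. */
int endpoint_differs(const struct sockaddr_in *a, const struct sockaddr_in *b)
{
    return a->sin_addr.s_addr != b->sin_addr.s_addr || a->sin_port != b->sin_port;
}

/* Hypothetical lookup: 1 = connection was diverted (*dst is the address the
 * client really asked for), 0 = client connected to the proxy directly,
 * -1 = error. getsockname(2) on the accepted socket supplies *dst. */
int divert_lookup(int fd, const struct sockaddr_in *listen_addr,
                  struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);

    memset(dst, 0, sizeof(*dst));
    if (getsockname(fd, (struct sockaddr *)dst, &len) == -1 ||
        dst->sin_family != AF_INET)
        return -1;
    return endpoint_differs(dst, listen_addr);
}

/* Constructed self-check: a plain loopback connection with no pf rule in the
 * path must be classified as direct, so this returns 0 (or -1 on failure). */
int direct_loopback_verdict(void)
{
    struct sockaddr_in la, dst;
    socklen_t len = sizeof(la);
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    int acc = -1, verdict = -1;

    memset(&la, 0, sizeof(la));
    la.sin_family = AF_INET;
    la.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (ls != -1 && cs != -1 && bind(ls, (struct sockaddr *)&la, sizeof(la)) == 0 &&
        listen(ls, 1) == 0 && getsockname(ls, (struct sockaddr *)&la, &len) == 0 &&
        connect(cs, (struct sockaddr *)&la, sizeof(la)) == 0 &&
        (acc = accept(ls, NULL, NULL)) != -1)
        verdict = divert_lookup(acc, &la, &dst);
    if (acc != -1) close(acc);
    if (cs != -1) close(cs);
    if (ls != -1) close(ls);
    return verdict;
}
```

A listener bound to the wildcard address would make every connection look diverted under this comparison, which is why the exact-bind assumption matters.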