On 04/06/2011 12:08, Amos Jeffries wrote:
On 04/06/11 09:16, MrNicholsB wrote:
Ok, I've had squid3 running rock solid for months. I recently migrated
from Ubuntu 9 to 10.04 and now Squid is clearly not caching, but traffic
IS passing through it. My conf is the same as it was before but now I'm
getting an error on cache.log every time squid gets a request. Any help
would be great, I'm sure it's something simple I'm just not seeing.. THANK
YOU!!
ERRORs from cache.log
==============================
2011/06/03 13:57:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
You have an http_port configured with "transparent" or "intercept",
telling Squid to look up NAT for the IP details.
It is being sent traffic which apparently never went through NAT. Your
access.log will contain lies about what client IP was making the
request. *THIS IS BAD*. Your squid.conf is making you vulnerable to
security attack CVE-2009-0801.
Solution:
* pick a random port number for the NAT-to-Squid packet arrival. Use a
second port for regular proxy requests.
* follow the config details for iptables "mangle" table:
http://wiki.squid-cache.org/ConfigExamples/LinuxDnat
Sorry, that should have been
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.8 and 3.1.12.2
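
An added example, not part of the original thread and not Squid project code: a small audit that checks a squid.conf for the condition described above (an intercepting http_port with no second port for regular proxy requests) and counts the clientNatLookup failures in cache.log. The port numbers, both sample configs and every log line except the first are constructed for illustration.

```python
import re

# Constructed sample inputs; only the first log line is taken from the thread.
SAMPLE_CONF = "# one port used for both NAT and regular proxy traffic\nhttp_port 3128 transparent\n"
FIXED_CONF = "http_port 3128\nhttp_port 3129 intercept   # NAT arrivals only\n"
SAMPLE_LOG = (
    "2011/06/03 13:57:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available\n"
    "2011/06/03 13:57:33| storeDirWriteCleanLogs: Starting...\n"
    "2011/06/03 13:57:40| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available\n"
)

NAT_FAIL = re.compile(r"^(\S+ \S+)\| clientNatLookup: .*getsockopt\(SO_ORIGINAL_DST\) failed")
NAT_FLAGS = {"transparent", "intercept"}


def parse_http_ports(conf_text):
    """Return [(address, is_nat_port)] for every http_port directive."""
    ports = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "http_port":
            ports.append((fields[1], bool(NAT_FLAGS & set(fields[2:]))))
    return ports


def nat_failures(log_text):
    """Timestamps of cache.log lines where the NAT lookup failed."""
    return [m.group(1) for m in map(NAT_FAIL.match, log_text.splitlines()) if m]


def audit(conf_text, log_text=""):
    """List findings for the misconfiguration discussed in the thread."""
    ports = parse_http_ports(conf_text)
    nat_ports = [addr for addr, nat in ports if nat]
    plain_ports = [addr for addr, nat in ports if not nat]
    findings = []
    if nat_ports and not plain_ports:
        findings.append("http_port %s does NAT lookups but there is no second "
                        "port for regular proxy requests" % ", ".join(nat_ports))
    fails = nat_failures(log_text)
    if nat_ports and fails:
        findings.append("%d NAT lookup failure(s), first at %s: traffic that never "
                        "went through NAT is reaching a NAT port" % (len(fails), fails[0]))
    return findings


if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_CONF), ("after", FIXED_CONF)):
        print(label, audit(conf, SAMPLE_LOG if label == "before" else ""))
```

A clean result after the change still depends on the firewall side: the iptables rules on the wiki page linked above are what keep directly addressed traffic away from the NAT port.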