squid 3.2.0.18 transparent nat interception

Pawel Mojski <pawcio@xxxxxxxxxx> · Wed, 29 Aug 2012 12:15:36 +0200

Hi All.

I have a strange situation with squid 3.2.0.18 and nat interception.
I have configured:
http_port 8081 transparent.

When on gateway I do:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 
ip.of.my.squid:8081 i have strange error.

In netstat I see like squid are connecting to himself in a unfinished 
loop. It looks like this:

tcp        0      0 172.30.0.135:53698      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:52971 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:56046      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:54646 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:55927      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:56034 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:56065      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:55683      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:53589      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:52511 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:54113 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:56441 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:53259      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:53308      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:55520      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:53761 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:53936 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:55696      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:52855 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:54898      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:56410      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:54307      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:56028      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:55289 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:53133 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:56243 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:53129 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:53222 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:52837 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:53667 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:55430      172.30.0.135:8081 
ESTABLISHED 21041/(squid-1)
tcp        0      0 172.30.0.135:8081       172.30.0.135:56324 
ESTABLISHED 21041/(squid-1)

At the end in error log is information that the squid is out of the file 
descriptors and connection with the client are closed.
What I did wrong?

PS: As far as I remember in squid 3.1.x I have'nt such problem.

--
Regards;
Pawel Mojski