Search squid archive

Re: NAT/TPROXY lookup failed to locate original IPs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Amos - good points - thanks. Both now fixed - thought I still seem to be getting errors...sorry to be a bit inept here!

squid -v
Squid Cache: Version 3.5.12
Service Name: squid
configure options: 
 '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid' '--datadir=/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--enable-icap-client' '--enable-linux-netfilter' '--enable-ssl-crtd' '--with-default-user=squid' '--with-openssl'

cctv@bridgebox ~/squid-3.5.12 $ 2016/01/06 11:56:58 kid1| Current Directory is /home/cctv/squid-3.5.12
2016/01/06 11:56:58 kid1| Starting Squid Cache version 3.5.12 for i686-pc-linux-gnu...
2016/01/06 11:56:58 kid1| Service Name: squid
2016/01/06 11:56:58 kid1| Process ID 1721
2016/01/06 11:56:58 kid1| Process Roles: worker
2016/01/06 11:56:58 kid1| With 1024 file descriptors available
2016/01/06 11:56:58 kid1| Initializing IP Cache...
2016/01/06 11:56:58 kid1| DNS Socket created at [::], FD 6
2016/01/06 11:56:58 kid1| DNS Socket created at 0.0.0.0, FD 7
2016/01/06 11:56:58 kid1| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2016/01/06 11:56:58 kid1| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2016/01/06 11:56:58 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2016/01/06 11:56:58 kid1| helperOpenServers: Starting 0/20 'basic_ncsa_auth' processes
2016/01/06 11:56:58 kid1| helperOpenServers: No 'basic_ncsa_auth' processes needed.
2016/01/06 11:56:58 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2016/01/06 11:56:58 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2016/01/06 11:56:58 kid1| Store logging disabled
2016/01/06 11:56:58 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2016/01/06 11:56:58 kid1| Target number of buckets: 1008
2016/01/06 11:56:58 kid1| Using 8192 Store buckets
2016/01/06 11:56:58 kid1| Max Mem  size: 262144 KB
2016/01/06 11:56:58 kid1| Max Swap size: 0 KB
2016/01/06 11:56:58 kid1| Using Least Load store dir selection
2016/01/06 11:56:58 kid1| Current Directory is /home/cctv/squid-3.5.12
2016/01/06 11:56:58 kid1| Finished loading MIME types and icons.
2016/01/06 11:56:58 kid1| HTCP Disabled.
2016/01/06 11:56:58 kid1| Squid plugin modules loaded: 0
2016/01/06 11:56:58 kid1| Adaptation support is off.
2016/01/06 11:56:58 kid1| Accepting HTTP Socket connections at local=[::]:13128 remote=[::] FD 22 flags=9
2016/01/06 11:56:58 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:13129 remote=[::] FD 23 flags=41
2016/01/06 11:56:59 kid1| storeLateRelease: released 0 objects
squid2016/01/06 11:57:24 kid1| Starting new basicauthenticator helpers...
2016/01/06 11:57:24 kid1| helperOpenServers: Starting 1/20 'basic_ncsa_auth' processes
2016/01/06 11:58:57 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.163.17.250:13129 remote=xxxxx:48616 FD 16 flags=33: (92) Protocol not available
2016/01/06 11:58:57 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=xxxxx:13129 remote=xxxxx:48616 FD 16 flags=33
2016/01/06 11:58:58 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=xxxxx:13129 remote=10.163.45.115:48617 FD 16 flags=33: (92) Protocol not available




On Wed, Jan 6, 2016 at 11:43 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 6/01/2016 10:50 p.m., dbrb2 wrote:
> Squid version and config options:
>
> Squid Cache: Version 3.5.12
> Service Name: squid
> configure options:  '--prefix=/usr' '--localstatedir=/var'
> '--libexecdir=/lib/squid' '--datadir=/share/squid'
> '--sysconfdir=/etc/squid' '--with-default-user=proxy'
> '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
> '--enable-icap-client' '--enable-ssl' '--enable-ssl-crtd'
> '--with-default-user=squid' '--with-openssl'

You have --with-default-user=X listed twice with two different account
names. Pick one.

Also --enable-ssl does not exist in 3.5. Remove.

You are missing the --enable-linux-netfilter option that enables NAT
interception on Linux.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux