
Re: NAT/TPROXY lookup failed to locate original IPs

On 7/01/2016 1:08 a.m., Ben Barker wrote:
> Thanks Amos - good points - thanks. Both now fixed - though I still seem
> to be getting errors...sorry to be a bit inept here!
> 
> squid -v
> Squid Cache: Version 3.5.12
> Service Name: squid
> configure options:
>  '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
> '--datadir=/share/squid' '--sysconfdir=/etc/squid'
> '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
> '--enable-icap-client' '--enable-linux-netfilter' '--enable-ssl-crtd'
> '--with-default-user=squid' '--with-openssl'
> 
> cctv@bridgebox ~/squid-3.5.12 $ 2016/01/06 11:56:58 kid1| Current Directory
> is /home/cctv/squid-3.5.12
> 2016/01/06 11:56:58 kid1| Starting Squid Cache version 3.5.12 for
> i686-pc-linux-gnu...
<snip>
> 2016/01/06 11:58:57 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
> local=10.163.17.250:13129 remote=xxxxx:48616 FD 16 flags=33: (92) Protocol
> not available

The first error means the kernel NAT tables do not have any record of
the connection that arrived on the Squid intercept port.

* Do not make test connections directly to the intercept port. Test it
*exactly* as if you are a client going straight to the Internet.

* Do not perform the NAT on any other machine.

Compare your NAT rules with these to ensure you have them all right
(notice how there are 4 rules):
 <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat>

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
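
The lookup named in the error above is a getsockopt() call on the accepted socket. The C program below is an added example, not code from Squid or from this thread: it makes that call on a connection opened directly to a listening port, which is the kind of test the reply says not to rely on. The function names and the loopback listener are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* Linux value, from <linux/netfilter_ipv4.h> */
#endif

/* Ask netfilter for the pre-NAT destination of an accepted IPv4 TCP socket.
 * Returns 0 and fills *dst, or the errno that getsockopt() reported. */
int original_dst(int fd, struct sockaddr_in *dst) {
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0) return 0;
    return errno;
}

/* Constructed scenario: connect straight to a loopback listener, so no NAT
 * rule ever rewrites the connection, then look up the accepted socket.
 * Returns -1 if the sockets could not be set up, else original_dst()'s result. */
int direct_connection_lookup(struct sockaddr_in *dst, unsigned short *port) {
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t alen = sizeof(addr);
    int rc = -1, conn = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (srv >= 0 && cli >= 0 &&
        bind(srv, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        listen(srv, 1) == 0 &&
        getsockname(srv, (struct sockaddr *)&addr, &alen) == 0 &&
        connect(cli, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        (conn = accept(srv, NULL, NULL)) >= 0) {
        *port = ntohs(addr.sin_port);
        rc = original_dst(conn, dst);
    }
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return rc;
}

int main(void) {
    struct sockaddr_in dst; unsigned short port = 0;
    int rc = direct_connection_lookup(&dst, &port);
    if (rc > 0) printf("lookup failed: (%d) %s\n", rc, strerror(rc));
    else if (rc == 0) printf("listener %hu, original dst %s:%d\n", port, inet_ntoa(dst.sin_addr), (int)ntohs(dst.sin_port));
    return rc < 0;
}
```

A direct connection either fails the lookup or returns the listener's own address, so it never exercises the NAT path that a real client's traffic takes.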



