Re: NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) errors


On Tue, May 22, 2018 at 12:24 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 22/05/18 22:06, kAja Ziegler wrote:
> This is strange because I don't use any NAT iptables/netfilter rules on
> this server:
>
> [root@...]# iptables -n -L -v -t nat
> Chain PREROUTING (policy ACCEPT 26964 packets, 1870K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 11013 packets, 817K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 11015 packets, 817K bytes)
>  pkts bytes target     prot opt in     out     source               destination-

That lack of NAT rules would be why Squid cannot find any entries for
the traffic in the kernel's NAT state table.


>
>
> Only one weird thing I found in my Squid configuration - I had defined
> only one http_port (http_port 3128 intercept) and this port was used to
> access proxy via explicit definitions in systems or applications -
> without any REDIRECT or marking in iptables/netfilter rules

There is the problem. That "intercept" mode/flag means NAT intercepted
traffic is the only type you are going to receive there.

Explicit / forward proxy is the "normal" traffic case for proxies. A
port to receive that traffic is configured without any special mode
flag. Just:
  http_port 3128


Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Hi Amos,

It's silly that I did not notice these errors earlier. I found them in the log just recently.

Communication via proxy in this configuration (with http_port 3128 intercept) has worked well for years.

I've removed the intercept from the configuration, so I'll see.


Thank you and with best regards
--
Karel Ziegler
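
An added example, not part of the original thread and not Squid's own code: a check for the mismatch discussed above, an `intercept` port in squid.conf with no nat-table rule delivering traffic to it. The sample config, the rules text (in `iptables -t nat -S` form) and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the server in the thread).
SQUID_CONF = """\
http_port 3128 intercept
http_port 3129
# http_port 3131 intercept
http_port 192.0.2.10:3130 intercept
"""
NAT_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3130
"""

def intercept_ports(conf):
    """Ports of http_port/https_port lines that carry the intercept flag."""
    ports = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 2 and fields[0] in ("http_port", "https_port"):
            if "intercept" in fields[2:]:
                # accepts "3128", "192.0.2.10:3128" and "[::1]:3128"
                ports.append(int(fields[1].rsplit(":", 1)[-1]))
    return ports

def nat_target_ports(rules):
    """Local ports that REDIRECT or DNAT rules deliver traffic to."""
    ports = set()
    for line in rules.splitlines():
        m = (re.search(r"-j REDIRECT\b.*--to-ports? (\d+)", line)
             or re.search(r"-j DNAT\b.*--to-destination \S*:(\d+)", line))
        if m:
            ports.add(int(m.group(1)))
    return ports

def unbacked_intercept_ports(conf, rules):
    """Intercept ports with no NAT rule behind them: connections arriving
    there have no NAT state entry, so the SO_ORIGINAL_DST lookup fails."""
    backed = nat_target_ports(rules)
    return [p for p in intercept_ports(conf) if p not in backed]

if __name__ == "__main__":
    for port in unbacked_intercept_ports(SQUID_CONF, NAT_RULES):
        print(f"http_port {port}: 'intercept' set, but no nat rule targets it")
```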

