Re: ERROR: NAT/TPROXY lookup failed to locate original IPs on local

Uchenna Nebedum <nebeduch@xxxxxxxxx> · Fri, 19 Oct 2018 19:17:21 +0100

Thanks a lot Rafael, I've gone through the documentation it looks to be very promising, one reservation i have is I want to use greasyspoon for icap and i see ecap is implemented already. I intend to install everything as suggested on the link, then after this change squid.conf to remove ecap connection.Please, I hope this will work? 

Thanks a lot again for the link, it really explained everything well enough for a beginner.

Uchenna Nebedum

On Fri, Oct 19, 2018, 18:30 Rafael Akchurin <rafael.akchurin@xxxxxxxxxxxx> wrote:

Hello Uchenna,

May be this policy based routing with Mikrotik tutorial will be of any use
See 
https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html

Best regards,
Rafael Akchurin
Diladele B.V.

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>
On Behalf Of Uchenna Nebedum

Sent: Friday, 19 October 2018 18:42

To: squid-users@xxxxxxxxxxxxxxxxxxxxx

Subject:  ERROR: NAT/TPROXY lookup failed to locate original IPs on local

Good Day All,

i'm new to squid and i have configured squid as an http transparent proxy with a mikrotik.

the squid server has only a single NIC, so i followed a tutorial and set up a dst-nat to squid proxy for traffic on port 80,

Chain:dstnat. 

Protocol:tcp

Dst-port:80 

Action:dst-nat

To Addresses:192.168.2.2 (squid proxy)

To ports:8080

but after setup, only https traffic works correctly,

http traffic client error is "This page isn't working ERR_EMPTY_RESPONSE"

squid access.log is empty then in squid cache.log these are the errors

```

2018/10/19 17:08:54 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.2:8080 remote=192.168.1.254:41248 FD 10 flags=33: (92) Protocol not available

2018/10/19 17:08:54 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.2:8080 remote=192.168.1.254:41248 FD 10 flags=33

```

please find below my squid.conf contents

```

acl localnet src 192.168.1.0/24   

acl SSL_ports port 443

acl Safe_ports port 80        

acl Safe_ports port 21        

acl Safe_ports port 443        

acl Safe_ports port 70        

acl Safe_ports port 210        

acl Safe_ports port 1025-65535    

acl Safe_ports port 280        

acl Safe_ports port 488        

acl Safe_ports port 591        

acl Safe_ports port 777        

acl CONNECT method CONNECT

icap_enable off

icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/REQMOD

adaptation_service_set class_req service_req

adaptation_access class_req allow all

icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/RESPMOD

adaptation_service_set class_resp service_resp

adaptation_access class_resp allow all

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager

http_access deny manager

http_access deny to_localhost

http_access allow localnet

http_access allow localhost

http_access allow all

http_port 3128

http_port 8080 transparent

 access_log daemon:/var/log/squid/access.log squid

coredump_dir /var/spool/squid

refresh_pattern ^ftp:        1440    20%    10080

refresh_pattern ^gopher:    1440    0%    1440

refresh_pattern -i (/cgi-bin/|\?) 0    0%    0

refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880

refresh_pattern .        0    20%    4320

```

please any help or correction would be highly appreciated, i am not even sure if the approach is correct.

-- 

Nebedum Uchenna

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users