<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16674" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>I see an error in my
squid cache.log that I think is TProxy related, and wanted to post it here to
see if anyone had input before posting it to the squid list.</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>The versions of
everything I am using is listed below, followed by the
error.</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Software
versions:</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2>squid-3.HEAD-20080721</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>iptables
1.4.0</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>kernel
2.6.25.11</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>This is part of a
WCCP setup with a Cisco router.</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>My iptables setup
is:</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Table:
filter<BR>Chain INPUT (policy ACCEPT)<BR>num
target prot opt
source
destination
<BR>1 ACCEPT all --
0.0.0.0/0
0.0.0.0/0
<BR>2 ACCEPT all --
0.0.0.0/0
0.0.0.0/0
<BR>3 ACCEPT 47 --
0.0.0.0/0
0.0.0.0/0
<BR>4 ACCEPT 47 --
0.0.0.0/0
0.0.0.0/0
<BR>5 LocalFW all --
0.0.0.0/0
0.0.0.0/0
</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain FORWARD
(policy ACCEPT)<BR>num target prot opt
source
destination
<BR>1 LocalFW all --
0.0.0.0/0
0.0.0.0/0
</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain OUTPUT (policy
ACCEPT)<BR>num target prot opt
source
destination </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain LocalFW (2
references)<BR>num target prot opt
source
destination
<BR>1 ACCEPT all --
0.0.0.0/0
0.0.0.0/0
<BR>2 ACCEPT icmp --
0.0.0.0/0
0.0.0.0/0 icmp type
255 <BR>3 ACCEPT udp --
10.48.33.2
0.0.0.0/0 udp
dpt:2048 <BR>4 ACCEPT all
--
0.0.0.0/0
0.0.0.0/0 state
RELATED,ESTABLISHED <BR>5 ACCEPT
tcp --
10.9.7.206
0.0.0.0/0 tcp dpt:22
state NEW <BR>6 ACCEPT tcp
-- 10.2.5.100
0.0.0.0/0 tcp dpt:22
state NEW <BR>7 ACCEPT tcp
-- 10.9.7.206
0.0.0.0/0 tcp
dpt:10000 state NEW <BR>8 ACCEPT
udp --
10.2.5.100
0.0.0.0/0 udp
spt:161 <BR>9 ACCEPT tcp
--
0.0.0.0/0
0.0.0.0/0 tcp
dpt:8080 <BR>10 ACCEPT tcp --
10.9.7.206
0.0.0.0/0 tcp
dpt:10000 <BR>11 REJECT all --
0.0.0.0/0
0.0.0.0/0
reject-with icmp-host-prohibited </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Table:
mangle<BR>Chain PREROUTING (policy ACCEPT)<BR>num
target prot opt
source
destination
<BR>1 DIVERT tcp --
0.0.0.0/0
0.0.0.0/0 socket
<BR>2 TPROXY tcp --
0.0.0.0/0
0.0.0.0/0 tcp dpt:80
TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain INPUT (policy
ACCEPT)<BR>num target prot opt
source
destination </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain FORWARD
(policy ACCEPT)<BR>num target prot opt
source
destination </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain OUTPUT (policy
ACCEPT)<BR>num target prot opt
source
destination </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain POSTROUTING
(policy ACCEPT)<BR>num target prot opt
source
destination </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Chain DIVERT (1
references)<BR>num target prot opt
source
destination
<BR>1 MARK all
--
0.0.0.0/0
0.0.0.0/0 MARK set
0x1 <BR>2 ACCEPT all --
0.0.0.0/0
0.0.0.0/0
</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>The squid clients
are in the 10.48.1.0/24 subnet, the router is in both the 10.48.1.0/24 and the
10.48.33.0/24 subnet. The squid box is 10.48.33.2, the router is 10.48.33.1.
Both IP subnets are seperate layer 2 vlans.</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>In the errors below,
10.48.1.200 is my client test machine.</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Error with "echo 0
> /proc/sys/net/ipv4/ip_nonlocal_bind":</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>2008/07/22 12:57:05|
IPInterception.cc(137) NetfilterInterception: NF
getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily
unavailable</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>2008/07/22 12:57:05|
IPInterception.cc(171) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT)
failed: (92) Protocol not available</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>
<DIV><SPAN class=508505717-22072008><FONT face=Arial size=2>Error with
"echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind":</FONT></SPAN></DIV>
<DIV><SPAN class=508505717-22072008></SPAN> </DIV>
<DIV><SPAN class=508505717-22072008>2008/07/22 13:01:50| IPInterception.cc(137)
NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11)
Resource temporarily unavailable<BR>2008/07/22 13:01:50| IPInterception.cc(171)
NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol
not available<BR>2008/07/22 13:01:54| commBind: Cannot bind socket FD 30 to
10.48.1.200:5675: (98) Address already in use<BR>2008/07/22 13:01:54|
comm.cc(997) commResetFD: bind: (98) Address already in
use</SPAN></DIV></FONT></DIV></BODY></HTML>