I see an error in my squid cache.log that I think is TProxy related, and wanted to post it here to see if anyone had input before posting it to the squid list. The versions of everything I am using are listed below, followed by the error.
Software versions:
    squid-3.HEAD-20080721
    iptables 1.4.0
    kernel 2.6.25.11
This is part of a WCCP setup with a Cisco router. My iptables setup is:
Table: filter

Chain INPUT (policy ACCEPT)
num  target   prot opt source        destination
1    ACCEPT   all  --  0.0.0.0/0     0.0.0.0/0
2    ACCEPT   all  --  0.0.0.0/0     0.0.0.0/0
3    ACCEPT   47   --  0.0.0.0/0     0.0.0.0/0
4    ACCEPT   47   --  0.0.0.0/0     0.0.0.0/0
5    LocalFW  all  --  0.0.0.0/0     0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target   prot opt source        destination
1    LocalFW  all  --  0.0.0.0/0     0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target   prot opt source        destination

Chain LocalFW (2 references)
num  target   prot opt source        destination
1    ACCEPT   all  --  0.0.0.0/0     0.0.0.0/0
2    ACCEPT   icmp --  0.0.0.0/0     0.0.0.0/0     icmp type 255
3    ACCEPT   udp  --  10.48.33.2    0.0.0.0/0     udp dpt:2048
4    ACCEPT   all  --  0.0.0.0/0     0.0.0.0/0     state RELATED,ESTABLISHED
5    ACCEPT   tcp  --  10.9.7.206    0.0.0.0/0     tcp dpt:22 state NEW
6    ACCEPT   tcp  --  10.2.5.100    0.0.0.0/0     tcp dpt:22 state NEW
7    ACCEPT   tcp  --  10.9.7.206    0.0.0.0/0     tcp dpt:10000 state NEW
8    ACCEPT   udp  --  10.2.5.100    0.0.0.0/0     udp spt:161
9    ACCEPT   tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:8080
10   ACCEPT   tcp  --  10.9.7.206    0.0.0.0/0     tcp dpt:10000
11   REJECT   all  --  0.0.0.0/0     0.0.0.0/0     reject-with icmp-host-prohibited

Table: mangle

Chain PREROUTING (policy ACCEPT)
num  target   prot opt source        destination
1    DIVERT   tcp  --  0.0.0.0/0     0.0.0.0/0     socket
2    TPROXY   tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:80 TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
num  target   prot opt source        destination

Chain FORWARD (policy ACCEPT)
num  target   prot opt source        destination

Chain OUTPUT (policy ACCEPT)
num  target   prot opt source        destination

Chain POSTROUTING (policy ACCEPT)
num  target   prot opt source        destination

Chain DIVERT (1 references)
num  target   prot opt source        destination
1    MARK     all  --  0.0.0.0/0     0.0.0.0/0     MARK set 0x1
2    ACCEPT   all  --  0.0.0.0/0     0.0.0.0/0
The squid clients are in the 10.48.1.0/24 subnet; the router is in both the 10.48.1.0/24 and the 10.48.33.0/24 subnets. The squid box is 10.48.33.2, the router is 10.48.33.1. Both IP subnets are separate layer 2 VLANs.

In the errors below, 10.48.1.200 is my client test machine.
Error with "echo 0 > /proc/sys/net/ipv4/ip_nonlocal_bind":

2008/07/22 12:57:05| IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
2008/07/22 12:57:05| IPInterception.cc(171) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available

Error with "echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind":

2008/07/22 13:01:50| IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
2008/07/22 13:01:50| IPInterception.cc(171) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
2008/07/22 13:01:54| commBind: Cannot bind socket FD 30 to 10.48.1.200:5675: (98) Address already in use
2008/07/22 13:01:54| comm.cc(997) commResetFD: bind: (98) Address already in use
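The mangle-table part of the setup above, written out as an added example that is not part of the original post: the DIVERT chain and the TPROXY rule as iptables commands, plus the fwmark policy-routing entries (ip rule / ip route) that the TPROXY target depends on to deliver marked packets to the local socket. The post does not show its policy-routing configuration, so those two lines, the routing-table number 100 and the DRY_RUN/SQUID_PORT variable names are assumptions of this example. With the default DRY_RUN=1 the script only prints what it would run, so the rule set can be reviewed before it is applied to a live box.

```shell
#!/bin/sh
# Added example (not from the original post): mangle-table TPROXY rules
# matching the listing above, plus the policy-routing entries TPROXY needs.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (root).
DRY_RUN="${DRY_RUN:-1}"
SQUID_PORT="${SQUID_PORT:-3128}"   # TPROXY redirect port from the listing
MARK=1                              # mark 0x1/0x1 from the listing
TABLE=100                           # routing table number: an assumption

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

tproxy_rules() {
    # Packets that already belong to a local socket are marked and accepted
    # (the DIVERT chain), so the replies of intercepted connections are not
    # sent through the proxy a second time.
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    # Remaining port-80 traffic is handed to squid without rewriting the
    # packet, so squid still sees the original destination address.
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
        --tproxy-mark "$MARK/$MARK" --on-port "$SQUID_PORT"
    # Marked packets carry a non-local destination, so a dedicated routing
    # table has to deliver them locally (assumed standard TPROXY companion).
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
}

# Prints the rule set (or applies it when DRY_RUN=0).
tproxy_rules
```

Run with `DRY_RUN=1 sh tproxy.sh` to see the generated commands; the two routing lines are the usual reason a TPROXY rule that appears in `iptables -t mangle -L -n` still fails to hand connections to squid.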