Tproxy 4 bugs after installation
Hi everybody,

I have some problems with tproxy after installation on Ubuntu Server 8.04 AMD 64 with the following:

Iptables 1.4.0
squid-3.HEAD-20080901
tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
tproxy-kernel-2.6.25-20080519-165031-1211208631
Kernel 2.6.24.19

with the following rules file for iptables:

*mangle
:PREROUTING ACCEPT [263600:125723686]
:INPUT ACCEPT [616826:343701577]
:FORWARD ACCEPT [239812:121581975]
:OUTPUT ACCEPT [1011781:458569186]
:POSTROUTING ACCEPT [1250543:580095901]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-mark 0x1
-A DIVERT -j ACCEPT
COMMIT

and the following ip rules:

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

and enabling nonlocal bind:

echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

And with squid configuration:

http_port 8080 transparent tproxy

And everything is fine, all users are going out with their own IP addresses and that is what I want, but there are some problems with post pages and some get ones. I see these errors in squid cache.log:

IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
commBind: Cannot bind socket FD 60 to 192.168.0.2:4288: (98) Address already in use

and this error in my explorer:

Connection to www.yahoo.com failed.
The system returned: (99) Cannot assign requested address

Anybody has some about this case, HELP please
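An added example, not part of the original post or of the tproxy or Squid projects: a small Python check that the pieces of configuration listed above agree with each other (the TPROXY mark, the DIVERT mark and the ip rule fwmark; the two routing table numbers; the TPROXY --on-port and Squid's http_port). The function and variable names are made up for this illustration, and it assumes numeric marks and table ids.

```python
import re

# Configuration copied from the post above.
IPTABLES_RULES = """\
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-mark 0x1
-A DIVERT -j ACCEPT
"""
IP_COMMANDS = """\
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
"""
SQUID_CONF = "http_port 8080 transparent tproxy\n"

# Hex or decimal mark value; a mask after "/" is ignored (assumption).
MARK = r"(0x[0-9a-fA-F]+|\d+)"


def _find(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1) if m else None


def check_tproxy_config(iptables, ip_cmds, squid):
    """Return a list of inconsistencies between the three config pieces."""
    found = {
        "tproxy_mark": _find(r"-j TPROXY\b.*--tproxy-mark " + MARK, iptables),
        "divert_mark": _find(r"-j MARK --set-mark " + MARK, iptables),
        "on_port": _find(r"-j TPROXY\b.*--on-port (\d+)", iptables),
        "rule_mark": _find(r"^ip rule add fwmark " + MARK, ip_cmds),
        "rule_table": _find(r"^ip rule add fwmark \S+ lookup (\d+)", ip_cmds),
        "route_table": _find(
            r"^ip route add local 0\.0\.0\.0/0 dev lo table (\d+)", ip_cmds),
        "squid_port": _find(r"^http_port (\d+)\b.*\btproxy\b", squid),
    }
    missing = [f"missing {k}" for k, v in found.items() if v is None]
    if missing:
        return missing
    num = {k: int(v, 0) for k, v in found.items()}  # base 0 accepts 0x1 and 1
    # Values that must agree for marked packets to reach the proxy socket.
    pairs = [("tproxy_mark", "rule_mark"), ("divert_mark", "rule_mark"),
             ("route_table", "rule_table"), ("on_port", "squid_port")]
    return [f"{a}={found[a]} does not match {b}={found[b]}"
            for a, b in pairs if num[a] != num[b]]


if __name__ == "__main__":
    print(check_tproxy_config(IPTABLES_RULES, IP_COMMANDS, SQUID_CONF) or "consistent")
```

An empty result only means the marks, table numbers and ports line up; it says nothing about the bind errors reported in cache.log.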
The problem is known, but seems to be not much interesting for anyone who could fix it...

On Thursday 04 September 2008 14:42, Ayham Abou Afach wrote:
> Hi everybody,
>
> I have some problems with tproxy after installation on Ubuntu Server 8.04 AMD 64 with the following:
>
> Iptables 1.4.0
> squid-3.HEAD-20080901
> tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> tproxy-kernel-2.6.25-20080519-165031-1211208631
> Kernel 2.6.24.19
>
> with the following rules file for iptables:
>
> *mangle
> :PREROUTING ACCEPT [263600:125723686]
> :INPUT ACCEPT [616826:343701577]
> :FORWARD ACCEPT [239812:121581975]
> :OUTPUT ACCEPT [1011781:458569186]
> :POSTROUTING ACCEPT [1250543:580095901]
> :DIVERT - [0:0]
> -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
> -A PREROUTING -p tcp -m socket -j DIVERT
> -A DIVERT -j MARK --set-mark 0x1
> -A DIVERT -j ACCEPT
> COMMIT
>
> and the following ip rules:
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> and enabling nonlocal bind:
>
> echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
>
> And with squid configuration:
>
> http_port 8080 transparent tproxy
>
> And everything is fine, all users are going out with their own IP addresses and that is what I want, but there are some problems with post pages and some get ones. I see these errors in squid cache.log:
>
> IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
> commBind: Cannot bind socket FD 60 to 192.168.0.2:4288: (98) Address already in use
>
> and this error in my explorer:
>
> Connection to www.yahoo.com failed.
> The system returned: (99) Cannot assign requested address
>
> Anybody has some about this case, HELP please
_______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy
I am getting the same errors, I am working with a Squid developer to reduce the errors. I have found that setting the foreign bind variable in proc helps reduce the problem. I am working to test a few patches against squid-3.HEAD-20080910 which are not part of the branch yet.

I am running the same versions of tproxy, kernel, etc. as you. I find that the problem is worse under heavier loads. I am using WCCP and it seems that the problem is less of an issue when two WCCP services (one for each direction) are used.

Bridging setups with TProxy don't seem to have this issue (although I don't know that from direct experience.)

I am not disagreeing that the problem may be with TProxy, but I am working with the squid crew to get better troubleshooting info to help isolate the problem.

Nick

-----Original Message-----
From: tproxy-bounces@lists.balabit.hu [mailto:tproxy-bounces@lists.balabit.hu] On Behalf Of Anton
Sent: Thursday, September 11, 2008 8:36 AM
To: tproxy@lists.balabit.hu
Subject: Re: [tproxy] Tproxy 4 bugs after installation

The problem is known, but seems to be not much interesting for anyone who could fix it...

On Thursday 04 September 2008 14:42, Ayham Abou Afach wrote:
> Hi everybody,
>
> I have some problems with tproxy after installation on Ubuntu Server 8.04 AMD 64 with the following:
>
> Iptables 1.4.0
> squid-3.HEAD-20080901
> tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> tproxy-kernel-2.6.25-20080519-165031-1211208631
> Kernel 2.6.24.19
>
> with the following rules file for iptables:
>
> *mangle
> :PREROUTING ACCEPT [263600:125723686]
> :INPUT ACCEPT [616826:343701577]
> :FORWARD ACCEPT [239812:121581975]
> :OUTPUT ACCEPT [1011781:458569186]
> :POSTROUTING ACCEPT [1250543:580095901]
> :DIVERT - [0:0]
> -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
> -A PREROUTING -p tcp -m socket -j DIVERT
> -A DIVERT -j MARK --set-mark 0x1
> -A DIVERT -j ACCEPT
> COMMIT
>
> and the following ip rules:
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> and enabling nonlocal bind:
>
> echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
>
> And with squid configuration:
>
> http_port 8080 transparent tproxy
>
> And everything is fine, all users are going out with their own IP addresses and that is what I want, but there are some problems with post pages and some get ones. I see these errors in squid cache.log:
>
> IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
> commBind: Cannot bind socket FD 60 to 192.168.0.2:4288: (98) Address already in use
>
> and this error in my explorer:
>
> Connection to www.yahoo.com failed.
> The system returned: (99) Cannot assign requested address
>
> Anybody has some about this case, HELP please
Hi,

On Thu, Sep 11, 2008 at 09:55:05 -0500, Ritter, Nicholas wrote:
> I am getting the same errors, I am working with a Squid developer to reduce the errors. I have found that setting the foreign bind variable in proc helps reduce the problem. I am working to test a few patches against squid-3.HEAD-20080910 which are not part of the branch yet.
>
> I am running the same versions of tproxy, kernel, etc. as you. I find that the problem is worse under heavier loads. I am using WCCP and it seems that the problem is less of an issue when two WCCP services (one for each direction) are used.
>
> Bridging setups with TProxy don't seem to have this issue (although I don't know that from direct experience.)
>
> I am not disagreeing that the problem may be with TProxy, but I am working with the squid crew to get better troubleshooting info to help isolate the problem.

Yes, this would help tremendously. None of us is a squid expert (nor developer) unfortunately.

BTW, are these patches you're testing public?

--
KOVACS Krisztian
participants (4)
- Anton
- Ayham Abou Afach
- KOVACS Krisztian
- Ritter, Nicholas