[tproxy] tproxy related error in squid?
Ritter, Nicholas
Nicholas.Ritter at americantv.com
Tue Jul 22 20:09:25 CEST 2008
I see an error in my squid cache.log that I think is TProxy related, and
wanted to post it here to see if anyone had input before posting it to
the squid list.
The versions of everything I am using are listed below, followed by the
error.
Software versions:
squid-3.HEAD-20080721
iptables 1.4.0
kernel 2.6.25.11
This is part of a WCCP setup with a Cisco router.
My iptables setup is:
Table: filter

Chain INPUT (policy ACCEPT)
num  target   prot opt source       destination
1    ACCEPT   all  --  0.0.0.0/0    0.0.0.0/0
2    ACCEPT   all  --  0.0.0.0/0    0.0.0.0/0
3    ACCEPT   47   --  0.0.0.0/0    0.0.0.0/0
4    ACCEPT   47   --  0.0.0.0/0    0.0.0.0/0
5    LocalFW  all  --  0.0.0.0/0    0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target   prot opt source       destination
1    LocalFW  all  --  0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target   prot opt source       destination

Chain LocalFW (2 references)
num  target   prot opt source       destination
1    ACCEPT   all  --  0.0.0.0/0    0.0.0.0/0
2    ACCEPT   icmp --  0.0.0.0/0    0.0.0.0/0    icmp type 255
3    ACCEPT   udp  --  10.48.33.2   0.0.0.0/0    udp dpt:2048
4    ACCEPT   all  --  0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
5    ACCEPT   tcp  --  10.9.7.206   0.0.0.0/0    tcp dpt:22 state NEW
6    ACCEPT   tcp  --  10.2.5.100   0.0.0.0/0    tcp dpt:22 state NEW
7    ACCEPT   tcp  --  10.9.7.206   0.0.0.0/0    tcp dpt:10000 state NEW
8    ACCEPT   udp  --  10.2.5.100   0.0.0.0/0    udp spt:161
9    ACCEPT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:8080
10   ACCEPT   tcp  --  10.9.7.206   0.0.0.0/0    tcp dpt:10000
11   REJECT   all  --  0.0.0.0/0    0.0.0.0/0    reject-with icmp-host-prohibited

Table: mangle

Chain PREROUTING (policy ACCEPT)
num  target   prot opt source       destination
1    DIVERT   tcp  --  0.0.0.0/0    0.0.0.0/0    socket
2    TPROXY   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:80 TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
num  target   prot opt source       destination

Chain FORWARD (policy ACCEPT)
num  target   prot opt source       destination

Chain OUTPUT (policy ACCEPT)
num  target   prot opt source       destination

Chain POSTROUTING (policy ACCEPT)
num  target   prot opt source       destination

Chain DIVERT (1 references)
num  target   prot opt source       destination
1    MARK     all  --  0.0.0.0/0    0.0.0.0/0    MARK set 0x1
2    ACCEPT   all  --  0.0.0.0/0    0.0.0.0/0

The squid clients are in the 10.48.1.0/24 subnet, the router is in both
the 10.48.1.0/24 and the 10.48.33.0/24 subnet. The squid box is
10.48.33.2, the router is 10.48.33.1. Both IP subnets are separate layer
2 vlans.
In the errors below, 10.48.1.200 is my client test machine.

Error with "echo 0 > /proc/sys/net/ipv4/ip_nonlocal_bind":

2008/07/22 12:57:05| IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
2008/07/22 12:57:05| IPInterception.cc(171) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available

Error with "echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind":

2008/07/22 13:01:50| IPInterception.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unavailable
2008/07/22 13:01:50| IPInterception.cc(171) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
2008/07/22 13:01:54| commBind: Cannot bind socket FD 30 to 10.48.1.200:5675: (98) Address already in use
2008/07/22 13:01:54| comm.cc(997) commResetFD: bind: (98) Address already in use