[tproxy] Is there a usable TPROXY4+squid+linuxKernel patches?

Laszlo Attila Toth panther at balabit.hu
Tue May 20 11:43:31 CEST 2008 

Hello Anton,

I couldn't reproduce this issue. I have only one idea. What is your 
./configure line? I think it is different from mine:

   ./configure --enable-linux-netfilter --prefix ....


And in the etc/squid.conf file:

  http_port 3128 tproxy

The "transparent" option affects nothing if tproxy is used.


Anton wrote:
> Forgot to mention - failed bind appears on firefox with the 
> following text, the rest are ok. 
> 
> ERROR
> The requested URL could not be retrieved
> 
> While trying to retrieve the URL: 
> http://biog-101-104.bio.cornell.edu/bioG101_104/tutorials/animals/squid.html
> 
> The following error was encountered:
> 
>     * Connection to biog-101-104.bio.cornell.edu Failed 
> 
> The system returned:
> 
>     (99) Cannot assign requested address
> 
> The remote host or network may be down. Please try the 
> request again.
> 
> Your cache administrator is webmaster.
> Generated Mon, 19 May 2008 16:13:46 GMT by 
> (squid/3.HEAD-BZR) 
> 
> On Monday 19 May 2008 21:09, Anton wrote:
>> Seems squid 3.1 cannot bind on the some sockets even on a
>> small load - I've opened 5 tabs on the firefox and got
>> the following in the log files. Possibly it's a bug
>> during choose of the next available FD? Possibly I should
>> report it to squid -dev too?
>>
>> Possibly this behaviour is so visible on the latent
>> (satellite) links, like mine - so the FD occupied longer
>> than for those who is on fiber.
>>
>> May 19 21:01:48 cacheng squid[26551]:
>> IPInterception.cc(136) NetfilterInterception:  NF
>> getsockopt(SO_ORIGINAL_DST) failed: (11) Resource
>> temporarily unava May 19 21:01:48 cacheng squid[26551]:
>> IPInterception.cc(169) NetfilterTransparent:  NF
>> getsockopt(IP_TRANSPARENT) failed: (92) Protocol not
>> available May 19 21:02:50 cacheng squid[26551]:
>> IPInterception.cc(136) NetfilterInterception:  NF
>> getsockopt(SO_ORIGINAL_DST) failed: (11) Resource
>> temporarily unava May 19 21:02:50 cacheng squid[26551]:
>> IPInterception.cc(169) NetfilterTransparent:  NF
>> getsockopt(IP_TRANSPARENT) failed: (92) Protocol not
>> available May 19 21:02:57 cacheng squid[26551]: commBind:
>> Cannot bind socket FD 55 to 82.198.21.17:4008: (98)
>> Address already in use May 19 21:02:57 cacheng
>> squid[26551]: comm.cc(993) commResetFD: bind: (98)
>> Address already in use May 19 21:02:57 cacheng
>> squid[26551]: commBind: Cannot bind socket FD 55 to
>> 82.198.21.17:5407: (98) Address already in use May 19
>> 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD:
>> bind: (98) Address already in use
>>
>> Regards,
>> Anton.

--
Panther

More information about the tproxy mailing list