[tproxy] Tproxy 4 bugs after installation

Ritter, Nicholas Nicholas.Ritter at americantv.com
Thu Sep 11 16:55:05 CEST 2008


 
I am getting the same errors, I am working with a Squid developer to
reduce the errors. I have found that setting the foreign bind variable
in proc helps reduce the problem. I am working to test a few patches
against squid-3.HEAD-20080910 which are not part of the branch yet.

I am running the same versions of tproxy, kernel, etc. as you. I find
that the problem is worse under heavier loads. I am using WCCP and it
seems that the problem is less of an issue when two WCCP service (one
for each direction) are used.

Bridging setups with TProxy don't seem to have this issue (although I
don't know that from direct experience.)


I am not disagreeing that the problem may be with TProxy, but I am
working with the squid crew to get better troubleshooting info to help
isolate the problem.

Nick


-----Original Message-----
From: tproxy-bounces at lists.balabit.hu
[mailto:tproxy-bounces at lists.balabit.hu] On Behalf Of Anton
Sent: Thursday, September 11, 2008 8:36 AM
To: tproxy at lists.balabit.hu
Subject: Re: [tproxy] Tproxy 4 bugs after installation

The problem is known, but seems to be not much interesting for anyone
who could fix it...

On Thursday 04 September 2008 14:42, Ayham Abou Afach wrote:
> Hi Every body
> i have some problems with tproxy after installation on ubuntu server 
> 8.04 AMD 64 with the following :
>
>     Iptables 1.4.0
>     squid-3.HEAD-20080901
>    
> tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> tproxy-kernel-2.6.25-20080519-165031-1211208631 Kernel
> 2.6.24.19
>
> with the following rules file for iptables :
>     *mangle
>
>     :PREROUTING ACCEPT [263600:125723686]
>     :INPUT ACCEPT [616826:343701577]
>     :FORWARD ACCEPT [239812:121581975]
>     :OUTPUT ACCEPT [1011781:458569186]
>     :POSTROUTING ACCEPT [1250543:580095901]
>     :DIVERT - [0:0]
>
>     -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 
> --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
>     -A PREROUTING -p tcp -m socket -j DIVERT
>     -A DIVERT -j MARK --set-mark 0x1
>     -A DIVERT -j ACCEPT
>     COMMIT
> and the following ip rules :
>     ip rule add fwmark 1 lookup 100
>     ip route add local 0.0.0.0/0 dev lo table 100 and enabling 
> nonlocal bind
>     echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
> And with squid configuration
>     http_port 8080 transparent tproxy
>
> And every thing is fine all users are going out with their own IP 
> addresses and that what i want but there is some problems with post 
> pages and some get ones i see these errors in squid cache.log :
>     IPInterception.cc(137) NetfilterInterception:  NF
> getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily 
> unavailable
>      commBind: Cannot bind socket FD 60 to
> 192.168.0.2:4288: (98) Address already in use and this error in my 
> explorer :
>
> *    Connection to www.yahoo.com failed.*
>
>     The system returned: /(99) Cannot assign requested address
>
> /
>
> any body has some about this case HELP please
>
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
_______________________________________________
tproxy mailing list
tproxy at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy



More information about the tproxy mailing list