[squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

Amos Jeffries squid3 at treenet.co.nz
Thu Oct 29 05:00:06 UTC 2015

On 29/10/2015 1:28 p.m., Eliezer Croitoru wrote:
> Why are you using an intercept port?
> If you don't need it you don't.
> Every time any direct connection is done to the proxy port 3128 it will
> show this line since the connection is a regular TCP one while the
> "intercept" directive instructs squid to fetch information which exists
> only on NATTED\REDIRECT traffic.
> Pretty simple and straightforward and this is the way squid works.
> You should verify if you need a http_port 1111 or http_port 1111 accel
> or http_port 1111 intercept.
> I will be glad to help you in about 20 hours.
> Eliezer
> On 29/10/2015 02:06, John Smith wrote:
>> Hi Eliezer,
>> I've added a single line to my squid.conf:
>> http_port 3130
>> And I've modified my AWS ELB healthcheck to monitor port 3130 instead of
>> 3128.
>> Now my instances are still in the ELB, and the proxy still works as
>> expected, AND the amount of garbage errors in the cache.log has been
>> significantly reduced.

They are not garbage. They are telling you very clearly that the message
being received did not go through the kernel NAT system so all the TCP
protocol NAT related stuff is not working properly.

>> Unfortunately I'm seeing a single line in cache.log every time I
>> hit the proxy on port 3128:
>> 2015/10/28 23:53:32| IpIntercept.cc(137) NetfilterInterception:  NF
>> getsockopt(SO_ORIGINAL_DST) failed on FD 61: (92) Protocol not available
>> From other posts, it appears this warning message is related to NAT. I'm not
>> doing NAT on the squid proxies, the load balancer takes care of that.

Exactly. You told Squid it had to do NAT with the "intercept" option.
When it tried to do as you instructed ... boom.

>> Any ideas how to remove the rest of the noise from my logs?

Start with removing the "intercept". It is clearly the wrong thing to
have. Then move on to whatever problem appears next.

If you let us know what this ELB+Squid pair is supposed to be doing,
and/or share your squid.conf we can perhaps suggest what else you need
to do for other problems.
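
The lookup that an "intercept" port performs on every accepted connection, as an added example that is not part of the original message and is not Squid's code. It makes a plain loopback connection (standing in for the ELB health check) and asks the kernel for the pre-NAT destination. Assumptions: Linux, the value 80 for SO_ORIGINAL_DST, and the hypothetical function names; the outcome depends on the host's netfilter state.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* assumed: value from <linux/netfilter_ipv4.h> */
#endif

/* Ask netfilter for the pre-NAT destination of an accepted connection.
 * Returns 0 and fills *dst on success, otherwise the errno value. */
int original_dst(int fd, struct sockaddr_in *dst) {
    socklen_t len = sizeof(*dst);
    /* IPPROTO_IP has the same value (0) as Linux's SOL_IP */
    return getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0 ? 0 : errno;
}

/* Hypothetical helper: open a loopback listener, connect to it directly
 * (no NAT or REDIRECT rule involved) and run the lookup on the accepted
 * socket. Returns -1 on setup failure, else the result of original_dst(). */
int probe_direct_connection(struct sockaddr_in *dst) {
    struct sockaddr_in addr = {0};
    socklen_t alen = sizeof(addr);
    int rc = -1, conn = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = socket(AF_INET, SOCK_STREAM, 0);

    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (lfd >= 0 && cfd >= 0 &&
        bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&addr, &alen) == 0 &&
        connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        (conn = accept(lfd, NULL, NULL)) >= 0)
        rc = original_dst(conn, dst);
    if (conn >= 0) close(conn);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void) {
    struct sockaddr_in dst;
    int rc = probe_direct_connection(&dst);
    if (rc == 0)
        printf("original dst %s:%d\n", inet_ntoa(dst.sin_addr), ntohs(dst.sin_port));
    else if (rc > 0)
        printf("SO_ORIGINAL_DST failed: (%d) %s\n", rc, strerror(rc));
    return rc < 0;
}
```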

