[squid-users] Stuggling with 3.5.16 on FreeBSD-9.3
ncrogers at gmail.com
Mon Apr 18 17:14:37 UTC 2016
On Fri, Apr 15, 2016 at 8:45 AM, Odhiambo Washington <odhiambo at gmail.com>
> Hello Amos,
> All noted.
> Lemme consult with some FreeBSD guys on these .
As a FreeBSD user, here's my two cents.
You should be using the www/squid port.
If the port doesn't compile with the options you wish, open a problem
report with FreeBSD and/or ask on the FreeBSD ports mailing list. The
maintainer of the www/squid port is pretty responsive and helpful.
I don't have any issues with www/squid on FreeBSD 10.1-RELEASE.
> On 15 April 2016 at 18:13, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> On 16/04/2016 1:29 a.m., Odhiambo Washington wrote:
>> > With luck, I have managed to get squid to compile successfully (after
>> > upgrading a few components here and there). I used:
>> > I have it running now (redirecting using IPFilter/IPNAT), but once in a
>> > while I see this error about NAT:
>> > 2016/04/15 16:17:23| ERROR: NAT/TPROXY lookup failed to locate original
>> > on local=192.168.55.254:13128 remote=192.168.55.62:57724 FD 29 flags=33
>> These are the kernel NAT system telling Squid the connection being
>> looked up has not record there.
>> It could be TCP connections being made straight to the intercept port.
>> If so you need to update the firewall config to prevent them, even from
>> In Linux we use a mangle table rule, since that is the filter pre-NAT
>> that can do it. I'm not sure how FreeBSD would do that. It has to be
>> done on packets first arrival pre-NAT. Any filter that is applied after
>> the NAT action will get it wrong due to the NAT changes.
>> It could be the NAT systems table of connections filling up and
>> overflowing. If so there should be a kernel sysctl somewhere to increase
>> that table size.
>> > In any case, I am planning to rewrite the IPNAT rules into PF and use
>> > It's the inception stage so I haven't delved deep into ssl-bump
>> > configurations...
> Best regards,
> Odhiambo WASHINGTON,
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users