[squid-users] NAT/TPROXY lookup failed to locate original IPs
Ben Barker
ben at bbarker.co.uk
Wed Jan 6 12:08:57 UTC 2016
Thanks Amos - good points - thanks. Both now fixed - thought I still seem
to be getting errors...sorry to be a bit inept here!
squid -v
Squid Cache: Version 3.5.12
Service Name: squid
configure options:
'--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
'--datadir=/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
'--enable-icap-client' '--enable-linux-netfilter' '--enable-ssl-crtd'
'--with-default-user=squid' '--with-openssl'
cctv at bridgebox ~/squid-3.5.12 $ 2016/01/06 11:56:58 kid1| Current Directory
is /home/cctv/squid-3.5.12
2016/01/06 11:56:58 kid1| Starting Squid Cache version 3.5.12 for
i686-pc-linux-gnu...
2016/01/06 11:56:58 kid1| Service Name: squid
2016/01/06 11:56:58 kid1| Process ID 1721
2016/01/06 11:56:58 kid1| Process Roles: worker
2016/01/06 11:56:58 kid1| With 1024 file descriptors available
2016/01/06 11:56:58 kid1| Initializing IP Cache...
2016/01/06 11:56:58 kid1| DNS Socket created at [::], FD 6
2016/01/06 11:56:58 kid1| DNS Socket created at 0.0.0.0, FD 7
2016/01/06 11:56:58 kid1| Adding nameserver 208.67.222.222 from
/etc/resolv.conf
2016/01/06 11:56:58 kid1| Adding nameserver 208.67.220.220 from
/etc/resolv.conf
2016/01/06 11:56:58 kid1| helperOpenServers: Starting 5/5 'ssl_crtd'
processes
2016/01/06 11:56:58 kid1| helperOpenServers: Starting 0/20
'basic_ncsa_auth' processes
2016/01/06 11:56:58 kid1| helperOpenServers: No 'basic_ncsa_auth' processes
needed.
2016/01/06 11:56:58 kid1| Logfile: opening log
daemon:/var/log/squid/access.log
2016/01/06 11:56:58 kid1| Logfile Daemon: opening log
/var/log/squid/access.log
2016/01/06 11:56:58 kid1| Store logging disabled
2016/01/06 11:56:58 kid1| Swap maxSize 0 + 262144 KB, estimated 20164
objects
2016/01/06 11:56:58 kid1| Target number of buckets: 1008
2016/01/06 11:56:58 kid1| Using 8192 Store buckets
2016/01/06 11:56:58 kid1| Max Mem size: 262144 KB
2016/01/06 11:56:58 kid1| Max Swap size: 0 KB
2016/01/06 11:56:58 kid1| Using Least Load store dir selection
2016/01/06 11:56:58 kid1| Current Directory is /home/cctv/squid-3.5.12
2016/01/06 11:56:58 kid1| Finished loading MIME types and icons.
2016/01/06 11:56:58 kid1| HTCP Disabled.
2016/01/06 11:56:58 kid1| Squid plugin modules loaded: 0
2016/01/06 11:56:58 kid1| Adaptation support is off.
2016/01/06 11:56:58 kid1| Accepting HTTP Socket connections at
local=[::]:13128 remote=[::] FD 22 flags=9
2016/01/06 11:56:58 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket
connections at local=[::]:13129 remote=[::] FD 23 flags=41
2016/01/06 11:56:59 kid1| storeLateRelease: released 0 objects
squid2016/01/06 11:57:24 kid1| Starting new basicauthenticator helpers...
2016/01/06 11:57:24 kid1| helperOpenServers: Starting 1/20
'basic_ncsa_auth' processes
2016/01/06 11:58:57 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=10.163.17.250:13129 remote=xxxxx:48616 FD 16 flags=33: (92) Protocol
not available
2016/01/06 11:58:57 kid1| ERROR: NAT/TPROXY lookup failed to locate
original IPs on local=xxxxx:13129 remote=xxxxx:48616 FD 16 flags=33
2016/01/06 11:58:58 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=xxxxx:13129 remote=10.163.45.115:48617 FD 16 flags=33: (92) Protocol
not available
On Wed, Jan 6, 2016 at 11:43 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 6/01/2016 10:50 p.m., dbrb2 wrote:
> > Squid version and config options:
> >
> > Squid Cache: Version 3.5.12
> > Service Name: squid
> > configure options: '--prefix=/usr' '--localstatedir=/var'
> > '--libexecdir=/lib/squid' '--datadir=/share/squid'
> > '--sysconfdir=/etc/squid' '--with-default-user=proxy'
> > '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
> > '--enable-icap-client' '--enable-ssl' '--enable-ssl-crtd'
> > '--with-default-user=squid' '--with-openssl'
>
> You have --with-default-user=X listed twice with two different account
> names. Pick one.
>
> Also --enable-ssl does not exist in 3.5. Remove.
>
> You are missing the --enable-linux-netfilter option that enables NAT
> interception on Linux.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160106/7c956d49/attachment.html>
More information about the squid-users
mailing list