[squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs on local

Uchenna Nebedum nebeduch at gmail.com
Fri Oct 19 18:17:21 UTC 2018


Thanks a lot Rafael, I've gone through the documentation it looks to be
very promising, one reservation i have is I want to use greasyspoon for
icap and i see ecap is implemented already. I intend to install everything
as suggested on the link, then after this change squid.conf to remove ecap
connection.
Please, I hope this will work?

Thanks a lot again for the link, it really explained everything well enough
for a beginner.

Uchenna Nebedum

On Fri, Oct 19, 2018, 18:30 Rafael Akchurin <rafael.akchurin at diladele.com>
wrote:

> Hello Uchenna,
>
>
>
> May be this policy based routing with Mikrotik tutorial will be of any use
>
> See
> https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html
>
>
>
> Best regards,
>
> Rafael Akchurin
>
> Diladele B.V.
>
>
>
>
>
> *From:* squid-users <squid-users-bounces at lists.squid-cache.org> *On
> Behalf Of *Uchenna Nebedum
> *Sent:* Friday, 19 October 2018 18:42
> *To:* squid-users at lists.squid-cache.org
> *Subject:* [squid-users] ERROR: NAT/TPROXY lookup failed to locate
> original IPs on local
>
>
>
> Good Day All,
>
> i'm new to squid and i have configured squid as an http transparent proxy
> with a mikrotik.
>
> the squid server has only a single NIC, so i followed a tutorial and set
> up a dst-nat to squid proxy for traffic on port 80,
>
> Chain:dstnat.
>
> Protocol:tcp
>
> Dst-port:80
>
> Action:dst-nat
>
> To Addresses:192.168.2.2 (squid proxy)
>
> To ports:8080
>
> but after setup, only https traffic works correctly,
>
> http traffic client error is "This page isn't working ERR_EMPTY_RESPONSE"
>
> squid access.log is empty then in squid cache.log these are the errors
>
>
>
> ```
>
> 2018/10/19 17:08:54 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
> local=192.168.2.2:8080 remote=192.168.1.254:41248 FD 10 flags=33: (92)
> Protocol not available
> 2018/10/19 17:08:54 kid1| ERROR: NAT/TPROXY lookup failed to locate
> original IPs on local=192.168.2.2:8080 remote=192.168.1.254:41248 FD 10
> flags=33
>
> ```
>
> please find below my squid.conf contents
>
>
>
> ```
>
> acl localnet src 192.168.1.0/24
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> icap_enable off
> icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/REQMOD
> adaptation_service_set class_req service_req
> adaptation_access class_req allow all
> icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/RESPMOD
> adaptation_service_set class_resp service_resp
> adaptation_access class_resp allow all
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access deny to_localhost
> http_access allow localnet
> http_access allow localhost
> http_access allow all
> http_port 3128
> http_port 8080 transparent
>  access_log daemon:/var/log/squid/access.log squid
> coredump_dir /var/spool/squid
> refresh_pattern ^ftp:        1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
> refresh_pattern .        0    20%    4320
>
> ```
>
> please any help or correction would be highly appreciated, i am not even
> sure if the approach is correct.
>
>
> --
>
> Nebedum Uchenna
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181019/ebf16182/attachment-0001.html>


More information about the squid-users mailing list