[squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs on local

Fri Oct 19 19:09:08 UTC 2018

Yes you can use any ICAP/eCAP server you like, just adjust the docs as required and that is it.

From: Uchenna Nebedum <nebeduch at gmail.com>
Sent: Friday, 19 October 2018 20:17
To: Rafael Akchurin <rafael.akchurin at diladele.com>
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs on local

Thanks a lot Rafael, I've gone through the documentation it looks to be very promising, one reservation i have is I want to use greasyspoon for icap and i see ecap is implemented already. I intend to install everything as suggested on the link, then after this change squid.conf to remove ecap connection.
Please, I hope this will work?

Thanks a lot again for the link, it really explained everything well enough for a beginner.
Uchenna Nebedum

On Fri, Oct 19, 2018, 18:30 Rafael Akchurin <rafael.akchurin at diladele.com<mailto:rafael.akchurin at diladele.com>> wrote:
Hello Uchenna,

May be this policy based routing with Mikrotik tutorial will be of any use
See https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html

Best regards,
Rafael Akchurin
Diladele B.V.

From: squid-users <squid-users-bounces at lists.squid-cache.org<mailto:squid-users-bounces at lists.squid-cache.org>> On Behalf Of Uchenna Nebedum
Sent: Friday, 19 October 2018 18:42
To: squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
Subject: [squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs on local

Good Day All,
i'm new to squid and i have configured squid as an http transparent proxy with a mikrotik.
the squid server has only a single NIC, so i followed a tutorial and set up a dst-nat to squid proxy for traffic on port 80,
Chain:dstnat.
Protocol:tcp
Dst-port:80
Action:dst-nat
To Addresses:192.168.2.2 (squid proxy)
To ports:8080
but after setup, only https traffic works correctly,
http traffic client error is "This page isn't working ERR_EMPTY_RESPONSE"
squid access.log is empty then in squid cache.log these are the errors

```
2018/10/19 17:08:54 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.2:8080<http://192.168.2.2:8080> remote=192.168.1.254:41248<http://192.168.1.254:41248> FD 10 flags=33: (92) Protocol not available
2018/10/19 17:08:54 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.2:8080<http://192.168.2.2:8080> remote=192.168.1.254:41248<http://192.168.1.254:41248> FD 10 flags=33
```
please find below my squid.conf contents

```
acl localnet src 192.168.1.0/24<http://192.168.1.0/24>
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
icap_enable off
icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/REQMOD<http://127.0.0.1:1344/REQMOD>
adaptation_service_set class_req service_req
adaptation_access class_req allow all
icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/RESPMOD<http://127.0.0.1:1344/RESPMOD>
adaptation_service_set class_resp service_resp
adaptation_access class_resp allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128
http_port 8080 transparent
 access_log daemon:/var/log/squid/access.log squid
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .        0    20%    4320
```
please any help or correction would be highly appreciated, i am not even sure if the approach is correct.

--
Nebedum Uchenna
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181019/9942b230/attachment-0001.html>