Transparent proxy

From: Martynas Buozis <martynas@dont-contact.us>
Date: Wed, 16 Feb 2000 19:42:00 +0200

Dear sirs,

I have a SUN SPARC machine with Solaris 2.6. I am running Squid
2.2.STABLE5 on it. Squid was compiled with these configure options:

./configure --prefix=/local/squid --enable-dlmalloc --enable-icmp \
    --enable-cachemgr-hostname=proxy.5ci.lt --enable-htcp \
    --enable-forw-via-db --enable-cache-digests \
    --enable-ipf-transparent --disable-ident-lookups

I also installed IP Filter 3.3.9. On the CISCO I configured a route-map to
forward all requests to port 80 to my machine running Squid. In the Squid conf
file I included the necessary options for transparent proxying. I am also
using these rules for redirecting packets:

rdr le0 212.122.64.18/32 port 80 -> 212.122.64.18 port 80 tcp
rdr le0 0.0.0.0/0 port 80 -> 212.122.64.18 port 8080 tcp

Everything looks OK. This works. But in the cache.log file I see some
messages and want to ask why these messages appear, whether it is some kind of
trouble, and how I can fix this. These are examples of these messages:

1. 2000/02/16 18:11:23| parseHttpRequest: Unsupported method 'PROPFIND'
   2000/02/16 18:11:23| clientReadRequest: FD 10 Invalid Request

2. 2000/02/16 18:19:59| parseHttpRequest: NAT open failed: (13) Permission denied
   2000/02/16 18:19:59| clientReadRequest: FD 62 Invalid Request
   2000/02/16 18:20:21| parseHttpRequest: NAT open failed: (13) Permission denied
   2000/02/16 18:20:21| clientReadRequest: FD 94 Invalid Request
   2000/02/16 18:32:53| parseHttpRequest: NAT open failed: (13) Permission denied
   2000/02/16 18:32:53| clientReadRequest: FD 47 Invalid Request

The ipnat device has permissions "crw------- 1 root root ". Must I change
these permissions to something else (Squid is running as nobody:nobody)? Will
this be secure?

3. 2000/02/16 19:21:21| sslReadServer: FD 22: read failure: (131) Connection reset by peer
   2000/02/16 19:21:21| sslReadServer: FD 30: read failure: (131) Connection reset by peer
   2000/02/16 19:21:21| sslReadServer: FD 48: read failure: (131) Connection reset by peer

If it is possible, please send some comments about these messages. Thank you
in advance.

WBR,
Martynas
Received on Wed Feb 16 2000 - 10:50:32 MST
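
Added example, not part of the original message and not Squid code: a small triage script for cache.log excerpts like the ones quoted above. It rejoins wrapped lines, counts the errno values reported, and attributes each "Invalid Request" to a cause; the pairing rule and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the log lines quoted in the message, with the archive's wrapping.
SAMPLE = """\
2000/02/16 18:11:23| parseHttpRequest: Unsupported method 'PROPFIND'
2000/02/16 18:11:23| clientReadRequest: FD 10 Invalid Request
2000/02/16 18:19:59| parseHttpRequest: NAT open failed: (13) Permission
denied
2000/02/16 18:19:59| clientReadRequest: FD 62 Invalid Request
2000/02/16 18:20:21| parseHttpRequest: NAT open failed: (13) Permission
denied
2000/02/16 18:20:21| clientReadRequest: FD 94 Invalid Request
2000/02/16 19:21:21| sslReadServer: FD 22: read failure: (131) Connection
reset by peer
"""

ENTRY = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| (\w+): (.*)$")
ERRNO = re.compile(r"\((\d+)\) (.+)$")

def unwrap(text):
    """Rejoin continuation lines (no timestamp) onto the entry they belong to."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Count rejected requests per cause and the errno values that were logged."""
    causes, errnos, last = Counter(), Counter(), None
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        stamp, func, msg = m.groups()
        e = ERRNO.search(msg)
        if e:
            errnos[(func, int(e.group(1)), e.group(2))] += 1
        if func == "parseHttpRequest":
            # Drop the errno detail so identical causes group together.
            last = (stamp, msg.split(": (")[0])
        elif func == "clientReadRequest" and msg.endswith("Invalid Request"):
            # Assumption: a rejection belongs to the parse error logged just
            # before it with the same timestamp.
            causes[last[1] if last and last[0] == stamp else "unknown"] += 1
    return causes, errnos
```

Calling `triage(SAMPLE)` returns two counters: rejected requests per cause, and (function, errno, text) tuples taken from the log text as written.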
