RE: [squid-users] squid 2.5 - ipf transparent proxy - FreeBSD 5.3-p13

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 31 May 2005 19:34:15 +0200 (CEST)

Can you please file a bug report on the original issue so I can publish
the patch.

   http://www.squid-cache.org/bugs/

On Tue, 31 May 2005, Martijn Broeders - HUB Labs wrote:

> Hello Henrik,
>
> Thanks for the patch. This one works perfectly!
>
> Best regards,
> Martijn Broeders
>
>> -----Original Message-----
>> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
>> Sent: Tuesday, May 31, 2005 4:03 AM
>> To: Martijn Broeders - HUB Labs
>> Cc: Squid Users
>> Subject: RE: [squid-users] squid 2.5 - ipf transparent proxy
>> - FreeBSD 5.3-p13
>>
>> Updated patch.
>>
>> Found more errors int the same code for PF. The updated patch
>> rearranges
>> things to be a little softer and consistent on errors. In
>> most cases it
>> will work fine regardless (as you noticed with 2.5.STABLE9).
>>
>> On Tue, 31 May 2005, Henrik Nordstrom wrote:
>>
>>> On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote:
>>>
>>>> I did some debugging en testing.... and solved the problem.
>>>>
>>>> There seems to be a big difference between STABLE9 and STABLE10
>>>> concerning ipnat and the --enable-ipf-transparent make arg.
>>>>
>>>> With STABLE10 you have to do a 'chown root:squid /dev/ipnat'
>>>> and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent
>>>> proxying (assuming that you start your squid server with the
>>>> squid user and squid group).
>>>>
>>>> With STABLE9 you could leave the /dev/ipnat owned by root:wheel,
>>>> but with STABLE10 you cannot!
>>>
>>> It has always needed access to the nat device...
>>>
>>>> The core dump (described in my first mail with this subject)
>>>> occurs when the rights are not good on the ipnat device.
>>>
>>> Right. A return statement has gone missing there.
>>>
>>> The attached patch should restore the error handling equal
>> to 2.5.STABLE9:
>>> request rejected with error in cache.log. Please try this
>> patch and report
>>> back.
>>>
>>> note: To trigger this in 2.5.STABLE9 you need to send a
>> HTTP/1.0 request
>>> without Host header.
>>>
>>> Regards
>>> Henrik
>>
>
Received on Tue May 31 2005 - 11:34:17 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:04 MDT