Re: [squid-users] squid trying access PF devices (freebsd)

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 19 Jan 2008 21:50:25 +1300

Alexandre Correa wrote:
> maresia# ls -l /dev/pf
> crw------- 1 root wheel 0, 74 Jan 10 11:18 /dev/pf
>

Looks like all you need to do is start squid properly as root user and
let it do the permissions dropping properly itself.

>
> i will recompile squid without pf support.. i donīt need this on
> proxies... because gateways redirect to proxies.. :)

If you are performing any kind of transparent interception with squid
you will need one of the --*-transparent options. Without it squid will
fail to correctly spoof the clients IP.

Amos

> thanks !!!
>
> regards !
>
> On Jan 18, 2008 10:45 PM, Adrian Chadd <adrian@creative.net.au> wrote:
>> On Fri, Jan 18, 2008, Alexandre Correa wrote:
>>> yes,,, gateway redirect packets going t tcp/80 for squid servers !!
>> Then ls -l /dev/pf, look at the ownership/permissions, make sure you at least
>> start squid as root?
>>
>>
>>
>>
>> Adrian
>>
>>
>>> On Jan 18, 2008 3:14 PM, Adrian Chadd <adrian@creative.net.au> wrote:
>>>> Are you running Squid-2.6 as a transparent proxy?
>>>>
>>>>
>>>> On Fri, Jan 18, 2008, Alexandre Correa wrote:
>>>>> Hello !!
>>>>>
>>>>> one of my proxies, running squid 2.6S17 on freebsd 6.2 is trying
>>>>> access PF device.. in cache.log shows this error message:
>>>>>
>>>>>
>>>>> 2008/01/18 14:51:13| clientNatLookup: PF open failed: (13) Permission denied
>>>>>
>>>>> on every request !!
>>>>>
>>>>> how i can disable this ?!?! removing this configure option
>>>>> --enable-pf-transparent can solve ?
>>>>>
>>>>> regards
>>>>>
>>>>> --
>>>>>
>>>>> Sds.
>>>>> Alexandre J. Correa
>>>>> Onda Internet / OPinguim.net
>>>>> http://www.ondainternet.com.br
>>>>> http://www.opinguim.net
>>>> --
>>>> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
>>>> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
>>>>
>>>
>>>
>>> --
>>>
>>> Sds.
>>> Alexandre J. Correa
>>> Onda Internet / OPinguim.net
>>> http://www.ondainternet.com.br
>>> http://www.opinguim.net
>> --
>>
>> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
>> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
>>
>
>
> 

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Sat Jan 19 2008 - 01:49:58 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST