AW: AW: [squid-users] squid-3.1.0.9 - error directory not created automatically

From: Zeller, Jan <jan.zeller_at_id.unibe.ch>
Date: Thu, 9 Jul 2009 08:07:21 +0200

Sorry Henrik for my lack of knowledge here. But on the squid box I have done this:

$ iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 8080
$ iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 885 packets, 49584 bytes)
pkts bytes target prot opt in out source destination
   0 0 REDIRECT tcp -- eth0 any anywhere anywhere tcp dpt:www redir ports 8080

Chain POSTROUTING (policy ACCEPT 59 packets, 3777 bytes)
pkts bytes target prot opt in out source destination
       
Chain OUTPUT (policy ACCEPT 59 packets, 3777 bytes)
pkts bytes target prot opt in out source destination

The gw/router rule is done by:

# iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 2 -p tcp --dport 80
# iptables -t mangle -vL PREROUTING
 Chain PREROUTING (policy ACCEPT 122K packets, 49M bytes)
 pkts bytes target prot opt in out source destination
  553 61889 MARK tcp -- eth1 any anywhere anywhere tcp dpt:www MARK xset 0x2/0xffffffff

# ip rule add fwmark 2 table 2
# ip rule show
 0: from all lookup local
 32765: from all fwmark 0x2 lookup 2
 32766: from all lookup main
 32767: from all lookup default

# ip r a default via 192.168.1.10 dev eth2 table 2
# ip route sh table 2
 default via 192.168.1.10 dev eth2

Where 192.168.1.10 is the IP address of the squidbox. Anyway, it works well despite the warnings.

Thanks

Jan

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
Sent: Wednesday, 8 July 2009 02:22
To: Zeller, Jan
Cc: squid-users_at_squid-cache.org
Subject: Re: AW: [squid-users] squid-3.1.0.9 - error directory not created automatically

On Fri 2009-07-03 at 08:30 +0200, Zeller, Jan wrote:
> Thank you Amos that works!
> But now squid-3.1.0.9 produces nearly every second this message:
>
> squid[6609]: IpIntercept.cc(137) NetfilterInterception:
> NF getsockopt(SO_ORIGINAL_DST) failed on FD 403: (92) Protocol not available

This error indicates that your Squid is configured for
Netfilter/Iptables transparent interception, but there apparently are no
netfilter NAT rules installed on the server (NAT engine not loaded in
kernel).

How have you done your transparent interception?

Regards
Henrik
Received on Thu Jul 09 2009 - 06:07:38 MDT
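
The lookup behind the logged error, as an added example that is not part of the original thread and is not Squid's code: on Linux an intercepting proxy asks the kernel for the pre-REDIRECT destination of an accepted connection with getsockopt(SO_ORIGINAL_DST), and errno 92 (ENOPROTOOPT) means the kernel does not offer that option. The function names and the sample address are assumptions made for this sketch.

```python
import errno
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80

# Constructed sample: struct sockaddr_in for 203.0.113.7:80 (documentation address).
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
                   + socket.inet_aton("203.0.113.7") + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family (host order), port (network order), IPv4."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port


def explain(err):
    """Map the errno of a failed lookup to what it says about the host."""
    if err == errno.ENOPROTOOPT:  # 92 on Linux, the error in the Squid log above
        return "kernel does not offer SO_ORIGINAL_DST: netfilter conntrack/NAT not loaded"
    if err == errno.ENOENT:
        return "conntrack is loaded but has no entry for this connection"
    return "unexpected errno %d" % err


def original_dst(conn):
    """Return ((ip, port), None) on success or (None, reason) on failure."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError as exc:
        return None, explain(exc.errno)
    return parse_sockaddr_in(raw), None


if __name__ == "__main__":
    # Loopback self-test: connect to our own listener and query the accepted socket.
    srv = socket.create_server(("127.0.0.1", 0))
    cli = socket.create_connection(srv.getsockname())
    conn, _peer = srv.accept()
    print(original_dst(conn))
    for s in (conn, cli, srv):
        s.close()
```

Run as a script on the proxy host, it prints either the original destination or the reason the lookup failed for a loopback connection.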
