[squid-users] external NAT and "Protocol not available"

Hi folks,

I've got an OpenBSD gateway (including NAT) redirecting HTTP
traffic to a dedicated internal Linux host running Squid 3.1.9.
Problem: I see tons of messages in cache.log

:
2011/01/04 11:03:38| IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 12: (92) Protocol not available
2011/01/04 11:03:38| IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 21: (92) Protocol not available
2011/01/04 11:03:45| IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 10: (92) Protocol not available
2011/01/04 11:03:47| IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 28: (92) Protocol not available
:

Web access doesn't seem to be affected. How can I tell squid
to shut up?

Google recommended on the mailing list to use a dedicated
intercept address, but this did not help. Here is the
squid.conf file:

http_access allow all
http_port 3128
http_port 3129 intercept
hierarchy_stoplist cgi-bin ?
cache_dir aufs /var/spool/squid3 4096 16 256
access_log none
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
adaptation_access service_resp allow all

squid -v:

Squid Cache: Version 3.1.9
configure options:
'--build=x86_64-linux-gnu'
'--prefix=/usr'
'--includedir=${prefix}/include'
'--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info'
'--sysconfdir=/etc'
'--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode'
'--disable-dependency-tracking'
'--disable-silent-rules'
'--srcdir=.'
'--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr'
'--enable-inline'
'--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd'
'--enable-removal-policies=lru,heap'
'--enable-delay-pools'
'--enable-cache-digests'
'--enable-underscores'
'--enable-icap-client'
'--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=smb_lm,'
'--enable-digest-auth-helpers=ldap,password'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-arp-acl'
'--enable-esi'
'--disable-translation'
'--disable-ipv6'
'--with-logdir=/var/log/squid3'
'--with-pidfile=/var/run/squid3.pid'
'--with-filedescriptors=65536'
'--with-large-files'
'--with-default-user=proxy'
'--enable-linux-netfilter'
'build_alias=x86_64-linux-gnu'
'CFLAGS=-g -O2 -g -Wall -O2'
'LDFLAGS='
'CPPFLAGS='
'CXXFLAGS=-g -O2 -g -Wall -O2'
--with-squid=/home/hdunkel/debian/squid3/squid3-3.1.9

Any helpful comment would be highly appreciated.

Regards

Harri
Received on Tue Jan 04 2011 - 13:09:30 MST