Re: [squid-users] Problems with transparancy and pf

From: Indunil Jayasooriya <indunil75_at_gmail.com>
Date: Tue, 29 Mar 2011 15:56:29 +0530

 Pls see below Urls

 http://forums.freebsd.org/showthread.php?t=16917

 http://forums.freebsd.org/showthread.php?t=14889

 http://forums.freebsd.org/showthread.php?t=10874

On Tue, Mar 29, 2011 at 3:32 PM, Leslie Jensen <leslie_at_eskk.nu> wrote:
> Hello list.
>
> I've used squid together with pf for a while on a Freebsd 7.2-RELEASE
> machine.
>
>
> I've now installed Freebsd 8.2-RELEASE on new hardware and I'm using my
> config from the 7.2 machine.
>
> My problem is that squid is not working with transparency. The browser
> traffic goes directly to the Internet.
>
> Setting proxy in the browser works, so I believe squid is ok.
>
> My question is about which build options I must use?
>
> I've used the following:
> SQUID_KERB_AUTH                 X       (ON)
> SQUID_NIS_AUTH                  X       (ON)
> SQUID_IPV6      (Default)       X       (ON)
>
> SQUID_DELAY_POOLS               X       (ON)
> SQUID_SNMP                      X       (ON)
> SQUID_HTCP (CARP?)              X       (ON)
> SQUID_WCCP                      X       (ON)
> SQUID_IDENT                             (OFF)
> SQUID_IPFW                      X       (ON)
> SQUID_PF                        X       (ON)
> SQUID_AUFS (Default)            X       (ON)
> SQUID_KQUEUE                    X       (ON)
>
> Then I found this
> https://wiki.andrewmercer.net/index.php/Squid_-_Transparent_Proxy
>
> Where he suggests that even
> SQUID_IPFILTER                  X       (ON)
>
> Should be activated.
>
> I recompiled Squid3.1 with the above and now I get an error which I can
> understand because I do not have IPFilter installed/active.
>
> ____________________________________
>
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> 2011/03/29 11:14:44| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> _____________________________________
>
> So when only pf is used, must I compile squid with IPFILTER and IPFW ?
>
> Thanks
>
> /Leslie
> 

-- 
Thank you
Indunil Jayasooriya
Received on Tue Mar 29 2011 - 10:26:38 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 29 2011 - 12:00:02 MDT