Re: [squid-users] Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 11 Apr 2011 17:11:27 +1200

On 11/04/11 16:31, Indunil Jayasooriya wrote:
> Hi reyk,
>
> many thanks for the reply.
>
>
>> - revert /dev/pf to the old 0600 permissions
>
> reverted. Now it is set to default. pls see below.
>
> # ls -al /dev/pf
>
> crw------- 1 root wheel 73, 0 Apr 1 19:30 /dev/pf
>
>
>
>> - recompile squid _without_ --enable-pf-transparent (disable it)
>
> recompiled without --enable-pf-transparent
>
> pls see squid configuration option ( Now, no --enable-pf-transparent option)
>
> # squid -v
>
> Squid Cache: Version 3.2.0.6
>
> configure options: '--datadir=/usr/local/share/squid'
> '--enable-arp-acl' '--enable-basic-auth-helpers=NCSA'
> '--enable-digest-auth-helpers=password' '--enable-delay-pools'
> '--enable-external-acl-helpers=ip_user' '--enable-forw-via-db'
> '--enable-negotiate-auth-helpers=squid_kerb_auth'
> '--enable-removal-policies=lru' '--enable-ssl' '--enable-storeio=aufs'
> '--with-pthreads' '--localstatedir=/var/squid' '--prefix=/usr/local'
> '--sysconfdir=/etc/squid' '--mandir=/usr/local/man'
> '--infodir=/usr/local/info' --enable-ltdl-convenience
>
>
>> - update your pf.conf to use divert-to instead of rdr-to
>
> updated. Pls see below.
>
> pass in log on $int_if proto tcp from $lan_net to any port 80 \
> divert-to 127.0.0.1 port 3129
>
>
> but, still now luck. any comments ?

3.2 will not mark the traffic and do any of the special transparent
traffic handling unless one of the NAT lookups functions returns true.
Just relying on the default getsockname() is not sufficient to mark the
traffic for special handling.

Fortunately the "ipfw" NAT lookup does what the new PF version
apparently needs. The --enable-ipfw-transparent should work as a
temporary measure.

I would like to fix this so --enable-pf-transparent properly detects and
handles the version of PF available. Are you able to find out how I
could do that please?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.6
Received on Mon Apr 11 2011 - 05:11:32 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 19 2011 - 12:00:04 MDT