Re: [squid-users] Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8 from Amos Jeffries on 2011-04-10 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 11 Apr 2011 17:31:08 +1200

On 11/04/11 17:11, Amos Jeffries wrote:
> On 11/04/11 16:31, Indunil Jayasooriya wrote:
>> Hi reyk,
>>
>> many thanks for the reply.
>>
>>
>>> - revert /dev/pf to the old 0600 permissions
>>
>> reverted. Now it is set to default. pls see below.
>>
>> # ls -al /dev/pf
>>
>> crw------- 1 root wheel 73, 0 Apr 1 19:30 /dev/pf
>>
>>
>>
>>> - recompile squid _without_ --enable-pf-transparent (disable it)
>>
>> recompiled without --enable-pf-transparent
>>
>> pls see squid configuration option ( Now, no --enable-pf-transparent
>> option)
>>
>> # squid -v
>>
>> Squid Cache: Version 3.2.0.6
>>
>> configure options: '--datadir=/usr/local/share/squid'
>> '--enable-arp-acl' '--enable-basic-auth-helpers=NCSA'
>> '--enable-digest-auth-helpers=password' '--enable-delay-pools'
>> '--enable-external-acl-helpers=ip_user' '--enable-forw-via-db'
>> '--enable-negotiate-auth-helpers=squid_kerb_auth'
>> '--enable-removal-policies=lru' '--enable-ssl' '--enable-storeio=aufs'
>> '--with-pthreads' '--localstatedir=/var/squid' '--prefix=/usr/local'
>> '--sysconfdir=/etc/squid' '--mandir=/usr/local/man'
>> '--infodir=/usr/local/info' --enable-ltdl-convenience
>>
>>
>>> - update your pf.conf to use divert-to instead of rdr-to
>>
>> updated. Pls see below.
>>
>> pass in log on $int_if proto tcp from $lan_net to any port 80 \
>> divert-to 127.0.0.1 port 3129
>>
>>
>> but, still now luck. any comments ?
>
> 3.2 will not mark the traffic and do any of the special transparent
> traffic handling unless one of the NAT lookups functions returns true.
> Just relying on the default getsockname() is not sufficient to mark the
> traffic for special handling.
>
> Fortunately the "ipfw" NAT lookup does what the new PF version
> apparently needs. The --enable-ipfw-transparent should work as a
> temporary measure.
>
> I would like to fix this so --enable-pf-transparent properly detects and
> handles the version of PF available. Are you able to find out how I
> could do that please?
>

Oops. Nevermind. I see your other mail now.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.6

Received on Mon Apr 11 2011 - 05:31:13 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 11 2011 - 12:00:02 MDT