> On 04/06/2011 12:08, Amos Jeffries wrote:
>
>> On 04/06/11 09:16, MrNicholsB wrote:
>>> Ok I've had squid3 running rock solid for months, I recently migrated
>>> from Ubuntu 9 to 10.04 and now Squid is clearly not caching, but traffic
>>> IS passing through it, my conf is the same as it was before but now I'm
>>> getting an error on cache.log every time squid gets a request, any help
>>> would be great, I'm sure it's something simple I'm just not seeing..THANK
>>> YOU!!
>>>
>>>
>>> ERRORs from cache.log
>>> ==============================
>>> 2011/06/03 13:57:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST)
>>> failed: (92) Protocol not available
>>
>> You have a http_port configured with "transparent" or "intercept".
>> Telling Squid to lookup NAT for the IP details.
>> It is being sent traffic which apparently never went through NAT. Your
>> access.log will contain lies about what client IP was making the
>> request. *THIS IS BAD*. Your squid.conf is making you vulnerable to
>> security attack CVE-2009-0801
>>
>> Solution:
>> * pick a random port number for the NAT-to-Squid packet arrival. Use a
>> second port for regular proxy requests.
>>
>> * follow the config details for iptables "mangle" table:
>> http://wiki.squid-cache.org/ConfigExamples/LinuxDnat
Sorry, that should have been
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2

Received on Sat Jun 04 2011 - 14:26:08 MDT
This archive was generated by hypermail 2.2.0 : Sun Jun 05 2011 - 12:00:03 MDT
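
Added example, not part of the original thread and not Squid project code: a small Python check for the port layout described in the reply above, which flags a squid.conf whose only http_port is an interception port and counts the NAT lookup failures quoted from cache.log. The sample squid.conf lines, port 3129 and the function names are constructed for illustration.

```python
import re

# Message Squid writes when an interception port receives a connection
# that has no NAT entry (the cache.log line quoted in the thread).
NAT_FAIL = re.compile(r"clientNatLookup: NF getsockopt\(SO_ORIGINAL_DST\)\s+failed")
INTERCEPT_FLAGS = {"transparent", "intercept"}


def http_ports(conf_text):
    """Return [(port, is_intercept)] for every http_port directive."""
    ports = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "http_port":
            port = int(fields[1].rsplit(":", 1)[-1])  # "3128" or "ip:3128"
            ports.append((port, bool(INTERCEPT_FLAGS & set(fields[2:]))))
    return ports


def audit(conf_text, cache_log_text=""):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    ports = http_ports(conf_text)
    intercept = [p for p, flagged in ports if flagged]
    forward = [p for p, flagged in ports if not flagged]
    if intercept and not forward:
        findings.append(
            "only interception port(s) %s defined: add a second http_port "
            "for regular proxy requests" % intercept)
    failures = len(NAT_FAIL.findall(cache_log_text))
    if failures:
        findings.append(
            "%d NAT lookup failure(s) in cache.log: traffic that never went "
            "through NAT reached an interception port" % failures)
    return findings


# Constructed samples: one shared port before, two ports after.
BEFORE = "http_port 3128 transparent\n"
AFTER = "http_port 3128\nhttp_port 3129 intercept\n"
LOG = ("2011/06/03 13:57:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) "
       "failed: (92) Protocol not available\n")

if __name__ == "__main__":
    for name, conf, log in (("before", BEFORE, LOG), ("after", AFTER, "")):
        print(name, audit(conf, log) or "no findings")
```
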