Re: [squid-users] Squid 3.2.0.14 didn't work in interception mode

From: Nguyen Hai Nam <nam.nh_at_nd24.net>
Date: Wed, 21 Dec 2011 08:02:30 +0700

On 12/20/2011 7:06 PM, Amos Jeffries wrote:
> On 21/12/2011 12:33 a.m., Nguyen Hai Nam wrote:
>> Hi there,
>>
>> I'm building a new squid box which is 3.2.0.14 on OpenIndiana 151a; the
>> configuration is as usual, but when squid started up, intercept mode
>> didn't work.
>>
>> IP NAT table already works:
>>
>> # ipnat -l
>> List of active MAP/Redirect filters:
>> rdr rtls0 0.0.0.0/0 port 80 -> 10.2.176.31 port 3129 tcp
>>
>> List of active sessions:
>> RDR 10.2.176.31 3129 <- -> 66.220.149.48 80 [10.10.225.253 57093]
>> RDR 10.2.176.31 3129 <- -> 66.220.149.48 80 [10.10.225.253 57092]
>>
>
> What NAT system is this?
> a PF or IPFilter?
> if PF, which OpenBSD version is it based on?
>
> How exactly is it not working?
> ioctl() lookup failures?
> or 409 (Conflict) HTTP responses?
> or something else?
>
> Amos
>
>> Squid starts up normally:
>>
>> # tail -n 25 /usr/squid/var/logs/cache.log
>> 2011/12/20 02:24:07 kid1| Using Least Load store dir selection
>> 2011/12/20 02:24:07 kid1| Set Current Directory to /usr/squid/var/cache/squid
>> 2011/12/20 02:24:07 kid1| Loaded Icons.
>> 2011/12/20 02:24:07 kid1| HTCP Disabled.
>> 2011/12/20 02:24:07 kid1| Squid plugin modules loaded: 0
>> 2011/12/20 02:24:07 kid1| Ready to serve requests.
>> 2011/12/20 02:24:07 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 19 flags=9
>> 2011/12/20 02:24:07 kid1| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 20 flags=41
>> 2011/12/20 02:24:07 kid1| Done reading /usr/squid/var/cache/squid swaplog (0 entries)
>> 2011/12/20 02:24:07 kid1| Finished rebuilding storage from disk.
>> 2011/12/20 02:24:07 kid1| 0 Entries scanned
>> 2011/12/20 02:24:07 kid1| 0 Invalid entries.
>> 2011/12/20 02:24:07 kid1| 0 With invalid flags.
>> 2011/12/20 02:24:07 kid1| 0 Objects loaded.
>> 2011/12/20 02:24:07 kid1| 0 Objects expired.
>> 2011/12/20 02:24:07 kid1| 0 Objects cancelled.
>> 2011/12/20 02:24:07 kid1| 0 Duplicate URLs purged.
>> 2011/12/20 02:24:07 kid1| 0 Swapfile clashes avoided.
>> 2011/12/20 02:24:07 kid1| Took 0.05 seconds ( 0.00 objects/sec).
>> 2011/12/20 02:24:07 kid1| Beginning Validation Procedure
>> 2011/12/20 02:24:07 kid1| Completed Validation Procedure
>> 2011/12/20 02:24:07 kid1| Validated 0 Entries
>> 2011/12/20 02:24:07 kid1| store_swap_size = 0.00 KB
>> 2011/12/20 02:24:08 kid1| storeLateRelease: released 0 objects
>> 2011/12/20 02:24:27| Squid is already running! Process ID 2413
>>
>> Squid still works fine with a configured proxy setting in the browser.
>>
>> Hope to receive your kind assistance.
>>
>> Best regards,
>> ~Neddie
>
Hi,

It's IPfilter:

Squid Cache: Version 3.2.0.14
configure options: '--prefix=/usr/squid' '--enable-ipf-transparent' --enable-ltdl-convenience

I forgot to attach the debug errors; by the way, it failed at ioctl()
lookup:

2011/12/20 04:06:03 kid1| BUG: Orphan Comm::Connection: local=10.2.176.31:3129 remote=10.2.178.178:13216 FD 14 flags=33
2011/12/20 04:06:03 kid1| NOTE: 7 Orphans since last started.
2011/12/20 04:06:03 kid1| Intercept.cc(253) IpfInterception: NAT lookup failed: ioctl(SIOCGNATL)

Thanks,
Received on Wed Dec 21 2011 - 01:02:42 MST
