[squid-users] Re: IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 4125: (2) No such file or directory

From: Omid Kosari <omidkosari_at_yahoo.com>
Date: Fri, 11 Oct 2013 03:50:17 -0700 (PDT)

First of all thanks for professional comments about configs . i was looking
for that

Amos Jeffries-2 wrote
> Possibly the URL-rewriter. Depending on whether it is rewriting URLs to
> point anywhere back at this proxy.

my jesred.rules contains

regexi ^http://(.+\.||)server.cn/.*
302:http://www.netshahr.com/website-unavailable/
regexi ^http://cpe.management/.*
302:http://www.netshahr.com/website-unavailable/
regexi ^http://wpad.domain.name/.*
302:http://www.netshahr.com/website-unavailable/
regexi ^http://isatap.home/.*
302:http://www.netshahr.com/website-unavailable/
regexi ^http://(.+\.||)scorecardresearch.com/.*
302:http://www.netshahr.com/website-unavailable/

Amos Jeffries-2 wrote
> Also, Squid serves some content directly. Such as embeded objects in
> error pages, icons on FTP listing pages, cachemgr reports, cache peer
> communications. These require a regular forward-proxy http_port without
> intercept/tproxy options. Requests for these are being rejected by your
> config (to_mysef ACL) but will also get these NAT failures first.

But these rules existed before and that problem did not occur . BTW i
commented those 2 lines to see what happens

Amos Jeffries-2 wrote
> What version of Squid are you using? 3.2 and later will silence the
> above problem most of the time but it is still corrupting your logs.

Sorry forgot to say .
Ubuntu Linux 12.10 x86_64 squid 3.1.20-1ubuntu1.1 . packages are default
ubuntu packages .

Amos Jeffries-2 wrote
> Please run "squid -k parse" over this config and fix anything it
> highlights.

Highlights ?! you mean Warnings ? only following warnings appears after your
comments done . a bit explain please .

2013/10/11 13:46:12| WARNING: use of 'ignore-reload' in 'refresh_pattern'
violates HTTP
2013/10/11 13:46:12| WARNING: use of 'ignore-no-cache' in 'refresh_pattern'
violates HTTP
2013/10/11 13:46:12| WARNING: use of 'ignore-no-store' in 'refresh_pattern'
violates HTTP
2013/10/11 13:46:12| WARNING: use of 'ignore-private' in 'refresh_pattern'
violates HTTP
2013/10/11 13:46:12| WARNING: HTTP requires the use of Via

Amos Jeffries-2 wrote
> So what is the objection to via?
>
> Note that the special access controls you have to use to avoid the
> probems removing it is causing will not prevent relay loops which happen
> as 2-hop loops via the peer and will break the URLs being served up
> directly by this proxy.

Tried to hide the proxy as possible . you suggest turn it on ?

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/IpIntercept-cc-137-NetfilterInterception-NF-getsockopt-SO-ORIGINAL-DST-failed-on-FD-4125-2-No-such-fy-tp4662558p4662578.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Oct 11 2013 - 10:51:06 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 11 2013 - 12:00:04 MDT