> > I should have added some specifics...here are the log items in > cache.log: > > 2008/07/23 13:35:34| IPInterception.cc(171) NetfilterTransparent: NF > getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available > 2008/07/23 13:36:37| IPInterception.cc(137) NetfilterInterception: NF > getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily > unavailable
These can often be cleared up by correct use of 'intercept' and 'tproxy' options in http_port. The old 'transparent' option is deprecated and will to be backward-compatible, turn both on when often only one lookup type is needed on that port. > > ....and occasionally the client browser sees an error page from squid > stating a connection to the server failed, and the system returns a > "(99) Cannot assign requested address" This may be related to the above. If a tproxy receiving port is also used for DNAT/REDIRECT reception the tproxy kernel sub-system may not have records to correctly handle the apparent client address. The getsockopt() failures should not be a problem, just annoying. The assign failure, may be a problem. Squid will use its normal outgoing address I think in those cases. But I'm not certain on the network routing behavior when transparent squid become visible. To solve both the the above. I recommend using seperate http_port's to receive each type of traffic and setting specific 'intercept' or 'tproxy' options to match the expected traffic types. Amos > > -----Original Message----- > From: Ritter, Nicholas > Sent: Wednesday, July 23, 2008 1:18 PM > To: '[email protected]' > Subject: squid3HEAD/TPROXY: interception log entries > > I have successfully setup squid-3.HEAD-20080721 on CentOS 5.2 with > iptables 1.4.0, linux 2.6.25.11, > tproxy-kernel-2.6.25-20080519-165031-1211208631, and > tproxy-iptables-1.4.0-20080521-113954-1211362794.patch; all with WCCP > support. > > I have to say the you guys are amazing as this software is working very > nicely. > > I noticed that cache.log is showing IPInterception.cc(137) and > IPInterception.cc(171) errors with NetfilterInterception. I did a search > of the listserv and saw someone else comment on this, but no solutions > (I think.) Is there anything I can do to help facilitate the solution of > this log entry/error? > > Nicholas >
