Squid/ipfilter Transparent Proxy Problems

Eric Heintzberger eric_e_heintzberger at yahoo.com
Mon May 23 18:13:02 PDT 2005


I am trying to set up a transparent caching proxy
using squid and ipfilter. Currently, if I manually
configure my web browser to use the squid proxy
server, it works fine. My problem arises when I use
ipfilter NAT to intercept HTTP requests, and force
clients to use the proxy, using the following ipfilter
redirect rule:

rdr rl0 0/0 port 80 -> 127.0.0.1 port 3128 tcp

This causes squid to crash and restart. I noticed the
following error in squid's cache.log:

parseHttpRequest: NAT open failed: (13) Permission denied

It was suggested the permissions on /dev/ipnat should
be relaxed, but this did not seem to work. 

Any suggestions?

Here is the output of "squid -v":

Squid Cache: Version 2.5.STABLE10
configure options:
--bindir=/usr/local/sbin
--sysconfdir=/usr/local/etc/squid
--datadir=/usr/local/etc/squid
--libexecdir=/usr/local/libexec/squid
--localstatedir=/usr/local/squid
'--enable-removal-policies=lru heap'
'--enable-auth=basic ntlm digest'
'--enable-basic-auth-helpers=NCSA PAM MSNT SMB winbind'
--enable-digest-auth-helpers=password
'--enable-external-acl-helpers=ip_user unix_group wbinfo_group winbind_group'
'--enable-ntlm-auth-helpers=SMB winbind'
'--enable-storeio=ufs diskd null'
--enable-underscores
--enable-ipf-transparent
--with-large-files
--enable-large-cache-files
'--enable-err-languages=[omitted]
--enable-default-err-language=English
--prefix=/usr/local
i386-portbld-freebsd5.4
