RE: [squid-users] squid 2.5 - ipf transparent proxy - FreeBSD 5.3-p13

Hello Henrik,

Thanks for the patch. This one works perfectly!

Best regards,
Martijn Broeders

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Tuesday, May 31, 2005 4:03 AM
> To: Martijn Broeders - HUB Labs
> Cc: Squid Users
> Subject: RE: [squid-users] squid 2.5 - ipf transparent proxy
> - FreeBSD 5.3-p13
>
> Updated patch.
>
> Found more errors int the same code for PF. The updated patch
> rearranges
> things to be a little softer and consistent on errors. In
> most cases it
> will work fine regardless (as you noticed with 2.5.STABLE9).
>
> On Tue, 31 May 2005, Henrik Nordstrom wrote:
>
> > On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote:
> >
> >> I did some debugging en testing.... and solved the problem.
> >>
> >> There seems to be a big difference between STABLE9 and STABLE10
> >> concerning ipnat and the --enable-ipf-transparent make arg.
> >>
> >> With STABLE10 you have to do a 'chown root:squid /dev/ipnat'
> >> and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent
> >> proxying (assuming that you start your squid server with the
> >> squid user and squid group).
> >>
> >> With STABLE9 you could leave the /dev/ipnat owned by root:wheel,
> >> but with STABLE10 you cannot!
> >
> > It has always needed access to the nat device...
> >
> >> The core dump (described in my first mail with this subject)
> >> occurs when the rights are not good on the ipnat device.
> >
> > Right. A return statement has gone missing there.
> >
> > The attached patch should restore the error handling equal
> to 2.5.STABLE9:
> > request rejected with error in cache.log. Please try this
> patch and report
> > back.
> >
> > note: To trigger this in 2.5.STABLE9 you need to send a
> HTTP/1.0 request
> > without Host header.
> >
> > Regards
> > Henrik
>
Received on Tue May 31 2005 - 10:19:56 MDT