From: Eric Heintzberger
To: freebsd-questions@freebsd.org
Date: Mon, 23 May 2005 18:13:01 -0700 (PDT)
Subject: Squid/ipfilter Transparent Proxy Problems
Message-ID: <20050524011301.43819.qmail@web53508.mail.yahoo.com>

I am trying to set up a transparent caching proxy using squid and ipfilter. Currently, if I manually configure my web browser to use the squid proxy server, it works fine.

My problem arises when I use ipfilter NAT to intercept HTTP requests, and force clients to use the proxy, using the following ipfilter redirect rule:

    rdr rl0 0/0 port 80 -> 127.0.0.1 port 3128 tcp

This causes squid to crash and restart. I noticed the following error in squid's cache.log:

    parseHttpRequest: NAT open failed: (13) Permission denied

It was suggested the permissions on /dev/ipnat should be relaxed, but this did not seem to work. Any suggestions?

Here is the output of "squid -v":

    Squid Cache: Version 2.5.STABLE10
    configure options: --bindir=/usr/local/sbin --sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid --libexecdir=/usr/local/libexec/squid --localstatedir=/usr/local/squid '--enable-removal-policies=lru heap' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=NCSA PAM MSNT SMB winbind' --enable-digest-auth-helpers=password '--enable-external-acl-helpers=ip_user unix_group wbinfo_group winbind_group' '--enable-ntlm-auth-helpers=SMB winbind' '--enable-storeio=ufs diskd null' --enable-underscores --enable-ipf-transparent --with-large-files --enable-large-cache-files '--enable-err-languages=[omitted] --enable-default-err-language=English --prefix=/usr/local i386-portbld-freebsd5.4