Re: [squid-users] parseHttpRequest: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available from Henrik Nordstrom on 2006-09-20 (squid-users)

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 20 Sep 2006 14:54:48 +0200

ons 2006-09-20 klockan 08:32 +0200 skrev "Víctor J. Hernández Gómez":
> >> 2006/09/19 11:44:30| parseHttpRequest: NF getsockopt(SO_ORIGINAL_DST)
> >> failed: (92) Protocol not available
> >>
> >> ...in our cache.log.
> >>
> >> Any idea on what is going on?
> >
> > Do you have the NAT iptable loaded?
>
> On the squid-box? No, I have not loaded iptable nat. Should I? NAT is
> applied in a box before the packets reach squid.

Then transparent interception will not work properly as there will not
be any way for the proxy to find out the originally intended destination
address.

It will in most cases still work however as nearly all clients sends
Host headers indicating the requested web site, but in such setups you
should not be using the "transparent" option. Instead use "vport=80
vhost" and always_direct, configuring your Squid as an accelerator for
the whole Internet..

Regards
Henrik

application/pgp-signature attachment: Detta �r en digitalt signerad meddelandedel

Received on Wed Sep 20 2006 - 06:54:56 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT