I have deployed a field test of a squid 3HEAD box running TPROXY in a
WCCP configuration. Under more client load (that could not be simulated
in my lab) I am noticing that users are getting "(99) Cannot assign
requested address" errors from the squid box. The odd thing is that some
web sites cause the error to happen almost all the time when the user
gets to a certain point through the website. Additonally the same sites
work fine in Safari on MacOS 10, but not in IE6 on WindowsXP SP2 (and
SP3). An observation from one enduser noted that if they hit the refresh
button in the browser enough, the error goes away.
Some sites that are giving problems are:
www.surveymonkey.com
shl-isp.com
bestkits.com
metraonline.com
I am using the following software versions:
CentOS 5.2 (x86_64)
squid/3.HEAD-20080721, with tproxy-onresetfd.patch from Amos Jeffries
(back on 7/26/08)
iptables-1.4.0, with tproxy-iptables-20080204-1915.patch
kernel 2.6.25-11, with tproxy-kernel-2.6.25-20080519-165031-1211208631
I am still getting the following entries in my cache.log, but not super
often since setting] "echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind" in
/proc.
008/09/09 14:55:22| IPInterception.cc(137) NetfilterInterception: NF
getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily
unavailable
2008/09/09 14:55:22| IPInterception.cc(171) NetfilterTransparent: NF
getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
My squid.conf uses this for the http_port setting:
http_port 3128 tproxy intercept disable-pmtu-discovery=always
My question is, what can I do to troubleshoot this, or give members of
this list more information to help isolate the problem? Does anyone have
suggestions? I can post any information as requestion regarding the
specific configuration, etc.
Received on Tue Sep 09 2008 - 20:03:36 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 10 2008 - 12:00:03 MDT