[squid-users] squid 3.2.0.18 transparent nat interception from Pawel Mojski on 2012-08-29 (squid-users)

From: Pawel Mojski <pawcio_at_pawcio.net>
Date: Wed, 29 Aug 2012 12:15:36 +0200

Hi All.

I have a strange situation with squid 3.2.0.18 and nat interception.
I have configured:
http_port 8081 transparent.

When on gateway I do:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
ip.of.my.squid:8081 i have strange error.

In netstat I see like squid are connecting to himself in a unfinished
loop. It looks like this:

tcp 0 0 172.30.0.135:53698 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:52971
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:56046 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:54646
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:55927 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:56034
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:56065 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:55683 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:53589 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:52511
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:54113
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:56441
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:53259 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:53308 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:55520 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:53761
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:53936
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:55696 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:52855
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:54898 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:56410 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:54307 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:56028 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:55289
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:53133
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:56243
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:53129
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:53222
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:52837
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:53667
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:55430 172.30.0.135:8081
ESTABLISHED 21041/(squid-1)
tcp 0 0 172.30.0.135:8081 172.30.0.135:56324
ESTABLISHED 21041/(squid-1)

At the end in error log is information that the squid is out of the file
descriptors and connection with the client are closed.
What I did wrong?

PS: As far as I remember in squid 3.1.x I have'nt such problem.

-- 
Regards;
Pawel Mojski

Received on Wed Aug 29 2012 - 10:15:51 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 29 2012 - 12:00:08 MDT