On Fri, Apr 08, 2011 at 03:25:55PM +0530, Indunil Jayasooriya wrote:
> I am trying to test squid 3.2.0.6 on OpenBSD 4.8 (amd64) in
> transparent mode. I can browse internet. But, I get the below error.
>
> # chgrp _squid /dev/pf
> # chmod g+rw /dev/pf
>

scary. squid should not touch /dev/pf at all.

we have a new method in pf that does not require access to /dev/pf:
divert-to.

you can try the following:
- revert /dev/pf to the old 0600 permissions
- recompile squid _without_ --enable-pf-transparent (disable it)
- update your pf.conf to use divert-to instead of rdr-to

divert-to provides the real destination address inline via the
standard getsockname() call which is done by squid by default if no
other transparent mode is configured (as far as I understand the code
in squid's client_side.c). the `traditional' rdr-to method had to do
an out-of-band call on /dev/pf to retrieve this information.

reyk
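
The getsockname() lookup described in the reply above, as an added C example that is not part of the original message and is not squid's code. The function names `original_dst` and `loopback_demo`, the pf.conf rule in the comment, and its interface macro and port are assumptions; run without pf, the call simply returns the listener's own address, which is what the loopback check verifies.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed pf.conf rule ($int_if and port 3128 are placeholders):
 *   pass in on $int_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128 */
/* Local address of an accepted socket. Under divert-to this is the address the
 * client originally dialled; no /dev/pf descriptor is opened. 0 ok, -1 error. */
int original_dst(int fd, char *ip, size_t iplen, unsigned short *port)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    if (getsockname(fd, (struct sockaddr *)&sin, &len) == -1)
        return -1;
    if (sin.sin_family != AF_INET ||
        inet_ntop(AF_INET, &sin.sin_addr, ip, (socklen_t)iplen) == NULL)
        return -1;
    *port = ntohs(sin.sin_port);
    return 0;
}

/* Constructed loopback check (no pf involved): the accepted socket must report
 * the address and port the client connected to. 1 match, 0 mismatch, -1 error. */
int loopback_demo(void)
{
    struct sockaddr_in a;
    socklen_t len = sizeof(a);
    char ip[INET_ADDRSTRLEN];
    unsigned short port = 0;
    int ls, cs, afd, ok = -1;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    ls = socket(AF_INET, SOCK_STREAM, 0);
    cs = socket(AF_INET, SOCK_STREAM, 0);
    if (ls != -1 && cs != -1 &&
        bind(ls, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&a, &len) == 0 &&
        connect(cs, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (afd = accept(ls, NULL, NULL)) != -1) {
        ok = original_dst(afd, ip, sizeof(ip), &port) == 0 &&
             port == ntohs(a.sin_port) && strcmp(ip, "127.0.0.1") == 0;
        close(afd);
    }
    if (ls != -1) close(ls);
    if (cs != -1) close(cs);
    return ok;
}
```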