Hi, this question/problem is extracted from the other email "The right way how to increase max_filedescriptors on Linux".
*- my environment:* CentOS 6.9 Squid 3.1.23 / 3.4.14 IPv4 and IPv6 addresses on interfaces *- error and warning messages from cache.log:* IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD NN: (2) No such file or directory NN ... many error log entries with different FD value On Mon, May 21, 2018 at 3:29 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > These should not be related to FD numbers running out. As you can see FD > 68 was already allocated to this TCP connection and the socket accept()'ed. > > NAT errors are usually caused by explicit-proxy traffic arriving at a > NAT interception port. Such traffic is prohibited. > or by NAT table overflowing under extreme traffic loads. Either way > current Squid versions will terminate that connection immediately since > it cannot identify where the packets were supposed to be going. > This is strange because I don't use any NAT iptables/netfilter rules on this server: [root@...]# iptables -n -L -v -t nat Chain PREROUTING (policy ACCEPT 26964 packets, 1870K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 11013 packets, 817K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 11015 packets, 817K bytes) pkts bytes target prot opt in out source destination- Only one weird thing I found in my Squid configuration - I had defined only one http_port (http_port 3128 intercept) and this port was used to access proxy via explicit definitions in systems or applications - without any REDIRECT or marking in iptables/netfilter rules I thank for every response that makes the error messages more clear. -- Karel Ziegler
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
