[FUG-BR] squid: clientNatLookup: NAT open failed

[Joel Cappellesso]

Ola,

Estou utilizando:

7.2-STABLE FreeBSD 7.2-STABLE #1: Sat Jan 23 09:52:48 BRST 2010
root@:/usr/obj/usr/src/sys/CACHE  i386

Erro no squid:
2010/01/26 10:00:23| clientNatLookup: NAT open failed: (2) No such
file or directory

cache# squid -v
Squid Cache: Version 3.0.STABLE21
configure options:  '--with-default-user=squid'
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
'--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid'
'--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid'
'--enable-removal-policies=lru heap' '--disable-linux-netfilter'
'--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic digest
negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB
squid_radius_auth YP' '--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user session unix_group
wbinfo_group' '--enable-ntlm-auth-helpers=SMB'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads'
'--enable-storeio=ufs diskd null aufs' '--enable-ipfw-transparent'
'--enable-pf-transparent' '--enable-ipf-transparent' '--enable-kqueue'
'--with-large-files' '--enable-err-languages=Armenian Azerbaijani
Bulgarian Catalan Czech Danish  Dutch English Estonian Finnish French
German Greek  Hebrew Hungarian Italian Japanese Korean Lithuanian
Polish Portuguese Romanian Russian-1251 Russian-koi8-r  Serbian
Simplify_Chinese Slovak Spanish Swedish  Traditional_Chinese Turkish
Ukrainian-1251  Ukrainian-koi8-u Ukrainian-utf8'
'--enable-default-err-language=templates' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'--build=i386-portbld-freebsd7.2'
'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 'CFLAGS=-O2
-fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=c++'
'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'

Procurei na net e parece algo relacionado a permissão do /dev/pf,
tentei setar ele para o grupo do squid e alterar a permissão, mas
continua na mesma. Atualmente esta desta forma a permissão:

cache# ls -l /dev/pf
crw-rw-r--  1 root  squid    0,  71 Jan 24 14:15 /dev/pf

cache# cat /etc/pf.conf
rdr on re0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3127
pass in quick on re0 route-to lo0 inet proto tcp from any to 127.0.0.1
port 3127 keep state


Tentei utilizar o ipfw , mas não redireciona para o squid.
As regras estão desta forma:


redes="{ ${rede1} or ${rede2} }"

#controle para rede de loopback
${fw} add set 3 allow all from any to any via lo0
${fw} add set 3 allow log all from 127.0.0.0/8 to any
${fw} add set 3 allow log all from any to 127.0

${fw} add set 20 allow tcp from ${redes} to me dst-port 3127
${fw} add set 20 allow tcp from me to any dst-port 80 keep-state
${fw} add set 20 allow tcp from ${redes} to me dst-port 80
${fw} add set 20 forward 127.0.0.1,3127 tcp from ${redes} to any dst-port 80


A estrutura de rede está em bridge:
# Bridge (rc.conf)
cloned_interfaces="bridge0"
ifconfig_bridge0="addm re0 addm re1 up"
ifconfig_re0="up"
ifconfig_re1="up"
ifconfig_bridge0_alias0="inet 200.200.200.200 netmask 255.255.255.252"


sysctl.conf
net.link.bridge.pfil_member=1
net.link.bridge.ipfw=1
net.link.bridge.pfil_bridge=1

re0 é a placa de rede ligada a interface de entrada. re1 é a saída
para a internet.

O objetivo no caso é utilizar o squid junto com o ThunderCache para
diminuir o uso da banda.
O thundercache já está funcional. Inclusive ativando as regras mesmo
com os erros ele funciona por um tempo mas depois para de funcionar.


Alguma dica?

Obrigado
Joel