[SOLVED] Error with squid as transparent proxy: "commBind: Cannot bind socket FD X to X.X.X.X"

GlowingApple · 04-05-2015, 03:22 PM

I have squid set up on my router (asus-rt-ac68u running asus-merlin) as a transparent proxy. Squid starts up without error and everything seems to be work well from the client side, but my squid debug logs are peppered with error messages:

Code:

commBind: Cannot bind socket FD XX to X.X.X.X: (99) Cannot assign requested address

The socket number changes, but the IP address always seems to be whatever external IP I am accessing through the transparent proxy. Every web page I visit I get about 15 to 20 of these error messages.

If I set up squid as a regular proxy I don't see them, so I assume it has something to do with the way iptables is set up?

In my squid (version 3.4.11) conf I'm using:

Code:

http_port 10.0.0.1:3129 intercept
http_port 10.0.0.1:80 accel

and for iptables, to the existing tables my router generates I'm adding:

Code:

iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3129

Any idea what I need to change to stop these error messages?

Thanks!

GlowingApple · 04-05-2015, 04:12 PM

Well looks like the issue is something with my squid.conf... I had copied parts of conf files from a few sources when I was setting up my proxy and must have had some settings that didn't play well.

I commented out the lines that I don't think I need and it seems to be working fine now. I'll have to look into my conf file more carefully and make sure I don't have anything else amiss. Here's my file now, with lines commented out:

Code:

cache_effective_user nobody
cache_mgr email@domain.com
visible_hostname hostname

#ipcache_size 2048
#cache_swap_low 90
#cache_swap_high 95
#maximum_object_size_in_memory 100 KB
#cache_mem 16 MB

cache_dir ufs /opt/var/squid/cache 400 16 256

logfile_rotate 10
#fqdncache_size 2048
#memory_pools off
#maximum_object_size 16384 KB
#quick_abort_min 0 KB
#quick_abort_max 0 KB
log_icp_queries off
#client_db off
buffered_logs on
#half_closed_clients off
#negative_dns_ttl 10 second
#connect_timeout 60 second
#read_timeout 80 second
#request_timeout 80 second

logfile_daemon /sbin/syslogd
access_log stdio:/opt/var/log/squid/access
cache_log /opt/var/log/squid/debug

#hierarchy_stoplist on

http_port 10.0.0.1:3129 intercept
http_port 10.0.0.1:80 accel

acl idents ident REQUIRED
acl intern dst 10.0.0.0/24
acl FTP proto FTP
always_direct allow FTP

#acl yourLAN src 10.0.0.0/24

#http_access allow idents
http_access allow all
#http_access allow intern
#http_access deny manager all
#http_access allow yourLAN
#http_access deny all
#icp_access deny all
#miss_access allow all
#always_direct allow intern

Commenting out some of the http_access lines toward the bottom seemed to have fixed things. Not sure what the problem was, but thought I'd follow-up in case anyone else runs into a similar issue!