Squid3 transparent proxy - icmp_sock: (1) Operation not permitted
-
Hey. i have installed Squid3 and made it caching my lan interface with transparent proxy, but i am getting this error log and can't figure out what i haveto correct to make it work. I m still pretty new in the pfsense world ;)
but the cache folders are up and the logs are working. i am only having an ipv4 connection so it make good sense that it can't connect to ICMPv6
| 2015/03/13 19:09:15 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1…
2015/03/13 19:09:16| pinger: Initialising ICMP pinger ...
2015/03/13 19:09:16| icmp_sock: (1) Operation not permitted
2015/03/13 19:09:16| pinger: Unable to start ICMP pinger.
2015/03/13 19:09:16| icmp_sock: (1) Operation not permitted
2015/03/13 19:09:16| pinger: Unable to start ICMPv6 pinger.
2015/03/13 19:09:16| FATAL: pinger: Unable to open any ICMP sockets. | -
I have similar issues. Perhaps mine is related in some way?
2015/03/14 13:09:15| FATAL: pinger: Unable to open any ICMP sockets. 2015/03/14 13:19:32 kid1| Could not parse headers from on disk object 2015/03/14 14:09:47 kid1| Select loop Error. Retry 1 2015/03/14 15:01:11 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1... 2015/03/14 15:01:12| pinger: Initialising ICMP pinger ... 2015/03/14 15:01:12| icmp_sock: (1) Operation not permitted 2015/03/14 15:01:12| pinger: Unable to start ICMP pinger. 2015/03/14 15:01:12| icmp_sock: (1) Operation not permitted 2015/03/14 15:01:12| pinger: Unable to start ICMPv6 pinger. 2015/03/14 15:01:12| FATAL: pinger: Unable to open any ICMP sockets.At 15:01:08, squid had an outage lasting a few seconds:
Mar 14 15:01:08 squid[11844]: Squid Parent: (squid-1) process 26006 exited due to signal 4 with status 0 Mar 14 15:01:11 squid[11844]: Squid Parent: (squid-1) process 3335 startedI disabled access.log logging to see if it was a log file issue, but that doesn't seem to be the case…
This cache server is under decent load, it's doing 25 requests per second and 7 cache hits per second even during slow times.
Perhaps we are exhausting sockets?
-
I have similar issues. Perhaps mine is related in some way?
2015/03/14 13:09:15| FATAL: pinger: Unable to open any ICMP sockets. 2015/03/14 13:19:32 kid1| Could not parse headers from on disk object 2015/03/14 14:09:47 kid1| Select loop Error. Retry 1 2015/03/14 15:01:11 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1... 2015/03/14 15:01:12| pinger: Initialising ICMP pinger ... 2015/03/14 15:01:12| icmp_sock: (1) Operation not permitted 2015/03/14 15:01:12| pinger: Unable to start ICMP pinger. 2015/03/14 15:01:12| icmp_sock: (1) Operation not permitted 2015/03/14 15:01:12| pinger: Unable to start ICMPv6 pinger. 2015/03/14 15:01:12| FATAL: pinger: Unable to open any ICMP sockets.At 15:01:08, squid had an outage lasting a few seconds:
Mar 14 15:01:08 squid[11844]: Squid Parent: (squid-1) process 26006 exited due to signal 4 with status 0 Mar 14 15:01:11 squid[11844]: Squid Parent: (squid-1) process 3335 startedI disabled access.log logging to see if it was a log file issue, but that doesn't seem to be the case…
This cache server is under decent load, it's doing 25 requests per second and 7 cache hits per second even during slow times.
Perhaps we are exhausting sockets?
I must admit i don't know if it is realted but i have my doubts, but if you can tell/guide me then i can tell you my cache load so we can see if it is the same
-
This has something to do with AV scanning / c-icap.
If you disable AV scanning the error is gone.
I'm investigating on it …
-
In Proxy General Config check "Disable ICMP", then enable AV scanning, go to Services and restart c-icap.
Then my setup with transparent AV scanning works.
-
today, I installed 2.2.2 to a hard drive from the .iso, and then restored a backup from 2.1.5. I was getting the same 'Operation not permitted' and 'Unable to start ICMP pinger.' errors in the logs.
-
Because "Disable Ping" wasn't available in 2.1?