Transparent proxy probs...

From: Adrian Bool <aid@dont-contact.us>
Date: Fri, 21 Nov 1997 15:37:36 +0000 (GMT)

Hi all,

I'm trying to set up a transparent http proxy - first to evaluate how
bad it is ;-) Any experiences would be warmly received...

Our data is passing through a cisco router that I am policy routing
to a Solaris 2.6 Sparc.

On the Sparc is ipfilter v3.2.

If I set up the nat part of ip filter to,

rdr hme0 0.0.0.0/0 port 80 -> 195.102.240.153 port finger

And telnet from a device on the other side of the cisco to the http
port of any machine I get connected to the finger port of the sparc.

All OK so far ;-)

Now, I alter the nat to,

rdr hme0 0.0.0.0/0 port 80 -> 195.102.240.153 port 81

And ran squid on port 81, with a config of (comments grepped out..)

http_port 81
icp_port 3130
hierarchy_stoplist cgi-bin ?
cache_stoplist cgi-bin ?
cache_mem 32
cache_swap 15000
maximum_object_size 16000
cache_dir /var/opt/spool/squid/cache
cache_access_log /var/opt/log/squid/access.log
cache_log /var/opt/log/squid/cache.log
cache_store_log /var/opt/log/squid/store.log
pid_filename /opt/squid/squid.pid
debug_options ALL,1
ftpget_program /opt/squid/bin/ftpget
ftpget_options -n 60 -R -W
ftp_user ftpcache@is4.u-net.net
cache_dns_program /opt/squid/bin/dnsserver
dns_children 15
unlinkd_program /opt/squid/bin/unlinkd
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports
http_access allow all
icp_access allow all
miss_access allow all
cache_effective_user squid sysadmin
httpd_accel virtual 80
dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
minimum_direct_hops 4

Now when I telnet to a port 80 from the other side of the server
I get,

nas1.is4#telnet 194.119.128.80 80
Trying 194.119.128.80, 80 ... Open
GET / HTTP/1.0

HTTP/1.0 400 Cache Detected Error
Server: squid/1.1.16
Date: Fri, 21 Nov 1997 14:06:34 GMT
Expires: Fri, 21 Nov 1997 14:11:34 GMT
Last-Modified: Fri, 21 Nov 1997 14:06:34 GMT
Content-Type: text/html
Content-Length: 604

<HTML><HEAD>
<TITLE>ERROR: The requested URL could not be retrieved</TITLE></HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR>
<P>
While trying to retrieve the URL:
<A HREF="http://195.102.240.153/">http://195.102.240.153/</A><P>
The following error was encountered:
<UL>
<LI><STRONG>Connection Failed</STRONG>
</UL>

<P>The system returned:
<PRE><I> (146) Connection refused</I>
</PRE>
<P>This means that:

<PRE>
The remote site or server may be down. Please try again soon.
</PRE><P>

<HR>
<ADDRESS>Generated by squid/1.1.16@serv1.is4</ADDRESS></BODY></HTML>
[Connection to 194.119.128.80 closed by foreign host]

As you can see the 195.102.240.153 address is the same one that I
have translated to - ie. squid does not seem to be doing any 'clever'
lookup of the original ip address.

Looking in squid's source (squid-1.1.16/src/icp.c, line 1654) it doesn't seem
it is doing a special lookup (as per the proxy.c program in the samples
directory of IP Filter.)

Am I missing something here? Next sensible step would be to merge the
proxy.c code into squid and it may work then - but I can't help but feel that
it has been done before and I'm just not seeing it...

Thanks for any help,

aid

-- 
Adrian J Bool			| mailto:aid@u-net.net
Network Operations		| http://www.noc.u-net.net/
U-NET Ltd, UK			| tel://44.1925.484461/
Received on Fri Nov 21 1997 - 07:45:35 MST
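An added illustration, not code from this message, from Squid or from IP Filter: it models the three places a transparent proxy can take the origin server from once a connection has been rdr'd to it, and reproduces the "http://195.102.240.153/" URL seen in the error page above when neither the kernel NAT table nor a Host header is consulted. The addresses and ports are the ones quoted in the message; the client port, the dict standing in for the kernel's NAT table, and all function names are constructed for the example.

```python
# Added illustration, not code from the post, from Squid or from IP Filter.
# It models why a transparent proxy needs the kernel's NAT table to learn the
# original destination of a redirected connection. Addresses and ports are the
# ones quoted in the post; the client port, the NAT table and all function
# names are constructed/hypothetical.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NatKey = Tuple[str, int]     # client (ip, port) as seen on the accepted socket
NatValue = Tuple[str, int]   # where the client was really connecting

@dataclass
class RedirectedConnection:
    client: NatKey                     # peer address of the accepted socket
    local: NatValue                    # proxy socket's own address after 'rdr'
    request_line: str                  # e.g. "GET / HTTP/1.0"
    headers: Dict[str, str] = field(default_factory=dict)

def lookup_original_destination(nat_table: Dict[NatKey, NatValue],
                                client: NatKey) -> Optional[NatValue]:
    # Stand-in for the SIOCGNATL ioctl on /dev/ipnat that ipfilter's
    # samples/proxy.c performs; here the "kernel table" is a plain dict.
    return nat_table.get(client)

def reconstruct_origin_url(conn: RedirectedConnection,
                           nat_table: Optional[Dict[NatKey, NatValue]] = None,
                           accel_port: int = 80) -> str:
    """Decide which origin server the proxy should fetch from.

    Precedence:
      1. kernel NAT table  - authoritative, since the kernel did the redirect
      2. Host: header      - client-supplied, absent from HTTP/1.0 requests
      3. local socket ip + accel_port - the 'httpd_accel virtual 80' fallback,
         which names the proxy's own address when neither 1 nor 2 is available
    """
    _method, path, _version = conn.request_line.split()
    host: Optional[str] = None
    port = accel_port
    if nat_table is not None:
        real = lookup_original_destination(nat_table, conn.client)
        if real is not None:
            host, port = real
    if host is None:
        hdr = {k.lower(): v for k, v in conn.headers.items()}.get("host")
        if hdr:
            host, _, p = hdr.partition(":")
            port = int(p) if p else 80
    if host is None:
        host = conn.local[0]          # the rdr target ip, not the real origin
        port = accel_port
    suffix = "" if port == 80 else f":{port}"
    return f"http://{host}{suffix}{path}"

# Scenario from the post: a client behind the cisco connects to 194.119.128.80:80,
# the packet is policy-routed to the Sparc and rdr'd to 195.102.240.153:81.
CLIENT: NatKey = ("194.119.128.10", 40001)          # constructed client address
NAT_TABLE: Dict[NatKey, NatValue] = {CLIENT: ("194.119.128.80", 80)}
REQUEST = RedirectedConnection(client=CLIENT,
                               local=("195.102.240.153", 81),
                               request_line="GET / HTTP/1.0")

def without_nat_lookup() -> str:
    # What the post observes: squid 1.1.16 does not consult the NAT table and the
    # HTTP/1.0 request carries no Host header, so the URL points at the proxy
    # itself; squid then connects to 195.102.240.153:80 where nothing listens,
    # hence "(146) Connection refused".
    return reconstruct_origin_url(REQUEST)

def with_nat_lookup() -> str:
    # What proxy.c-style code would recover: the client's real destination.
    return reconstruct_origin_url(REQUEST, NAT_TABLE)

def with_host_header_only() -> str:
    # A client that sends a Host header names the origin itself; usable when no
    # NAT entry exists, but the value is chosen by the client, not by the kernel.
    req = RedirectedConnection(client=CLIENT, local=REQUEST.local,
                               request_line="GET /index.html HTTP/1.0",
                               headers={"Host": "www.example.com"})
    return reconstruct_origin_url(req, nat_table={})

if __name__ == "__main__":
    print(without_nat_lookup())     # http://195.102.240.153/
    print(with_nat_lookup())        # http://194.119.128.80/
    print(with_host_header_only())  # http://www.example.com/index.html
```

The order of precedence is the point: the kernel's NAT entry is the only source that records where the client actually connected, the Host header is whatever the client chose to send, and the local socket address is merely where the rdr rule delivered the packet. A proxy that only has the last of these, as in the telnet session above, ends up fetching from itself.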
