Re: Transparent proxy

From: Lincoln Dale <>
Date: Fri, 30 Jan 1998 08:14:49 +0800

>We tried transparent proxying with Cisco's here and the result was 'no
>way'. We have a service contract with Cisco and when attempting to
>configure as per the instructions in the FAQ, we got stumped.
>Upon consulting Cisco, they stated that there was no way this approach to
>transparent proxying would work, mentioning something about the
>router clobbering the packet header in such a way that Squid couldnt deal
>with it.

err, i don't see why it wouldn't work? you can do it via
policy-based-routing. note that policy-based-routing is
process-switched within a cisco, so _does_not_scale_.

you'd configure your squid and unix host for transparent
operation and masquerading, and use a configuration like:

   interface serial0
    ip policy route-map send_to_proxy
   route-map send_to_proxy
    match ip address 101
    set next-hop
   access-list 101 deny ip host any
   access-list 101 permit tcp any any eq 80

(assumptions: is the ip address of your cache. it is
directly-connected to this border router. serial0 is your
link to the internet).

what this does is any packets not coming from the proxy, but
destined to go out to the internet via serial0 will be forwarded
to the proxy.

note that anything that doesn't match the policy statement will
be routed out serial0 as normal.


Received on Thu Jan 29 1998 - 16:16:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:34 MST