Re: Redirecting from Cisco

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 08 Feb 1998 04:17:14 +0100

Brian wrote:

> I did *not* have my squid box (linux) compiled with ip masq options,
> forwarding or anything like that. From what I read, I guess I need to do
> this.

You only need to have firewalling compiled. You don't need masquerading
or forwarding to do transparent proxying.

> I thought I could take a normal functioning squid (which needs no
> masqing, just have their browser point to it), and do the
> redirecting on the cisco, and the squid would answer; such is not
> the case. Thanks for this info.

Well, all you can tell the cisco is to route packets to the Squid host.
Somehow you have to get the Squid box to accept the packets when they
arrive there, and hand them off to your Squid process.

Minimal Linux ipfwadm config:

# Accept all on loopback
ipfwadm -I -a accept -W lo
# Accept my own IP, to prevent loops (repeat for each interface/alias)
ipfwadm -I -a accept -P tcp -D thishost 80
# Send all traffic destined to port 80 to Squid on port 3128
ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3128

---
Henrik Nordström
Sparetime Squid Hacker
Received on Sun Feb 08 1998 - 00:07:44 MST
