On Sun, 8 Feb 1998, Graham Somers wrote:
> Hi
> 
> If you could take the time to give a short rundown on your steps to 
> getting your Cisco redirection working I, and I'm sure others, would 
> appreciate it. I have been following the topic but seem to have left 
> out something vital.
> 
> Thanks
> 
> Graham
Once all the quirks are worked out, I will :).  Henrik was informing me of
some issues with my packet filters, and once he and the others say "should
be ok" I will post a complete rundown to benefit all.
Brian
> 
> 
> > Many thanks to the following individuals and this list for helping me get
> > redirection and transparent proxying working on my Cisco/Linux box.
> > 
> > Lincoln Dale    
> > Riccardo Vratogna
> > Mark White       
> > Henrik Nordstrom 
> > 
> > 
> > First, here is what I added to my Cisco:
> > 
> > !
> > interface Ethernet0
> >  description To Office Ethernet
> >  ip address 208.206.76.1 255.255.255.0
> >  no ip directed-broadcast
> >  no ip mroute-cache
> >  ip policy route-map proxy-redir
> > !
> > access-list 110 deny   tcp host 208.206.76.44 any eq www
> > access-list 110 permit tcp any any eq www
> > route-map proxy-redir permit 10
> >  match ip address 110
> >  set ip next-hop 208.206.76.44
> > 
> > 
> > My squid box runs Linux, so I had to do the following on it:
> > 
> > my kernel (2.0.33) config looks like this:
> > 
> > #
> > # Networking options
> > #
> > CONFIG_FIREWALL=y
> > # CONFIG_NET_ALIAS is not set
> > CONFIG_INET=y
> > CONFIG_IP_FORWARD=y
> > CONFIG_IP_MULTICAST=y
> > CONFIG_SYN_COOKIES=y
> > # CONFIG_RST_COOKIES is not set
> > CONFIG_IP_FIREWALL=y
> > # CONFIG_IP_FIREWALL_VERBOSE is not set
> > CONFIG_IP_MASQUERADE=y
> > # CONFIG_IP_MASQUERADE_IPAUTOFW is not set
> > CONFIG_IP_MASQUERADE_ICMP=y
> > CONFIG_IP_TRANSPARENT_PROXY=y
> > CONFIG_IP_ALWAYS_DEFRAG=y
> > # CONFIG_IP_ACCT is not set
> > CONFIG_IP_ROUTER=y
> > 
> > 
> > Then some ipfwadm stuff, redirecting 
> > 
> > ipfwadm -I -a accept -r -P tcp -S 208.206.76.0/24 -D any/0 www
> > ipfwadm -I -a accept -r -P tcp -S 208.214.44.0/24 -D any/0 www
> > ipfwadm -I -a accept -r -P tcp -S 208.214.45.0/24 -D any/0 www
> > ipfwadm -I -a accept -r -P tcp -S 208.232.62.0/24 -D any/0 www
> > ipfwadm -I -a accept -r -P tcp -S 208.232.63.0/24 -D any/0 www
> > 
> > (the above networks are our users' dial-in pools, and our LAN)
> > 
> > 
> > and the squid is configured as:
> > 
> > http_port 80
> > icp_port 3130
> > httpd_accel virtual 80
> > httpd_accel_with_proxy on
> > 
> > 
> > This works great.  Many thanks.
> > 
> > Brian
> > 
> > 
> > /-------------------------- signal@shreve.net -----------------------------\
> > | Brian Feeny                | USR TC Hubs | ShreveNet Inc. (318)222-2638  |
> > | Network Administrator      | Perl, Linux | Web hosting, online stores,   |
> > | ShreveNet Inc.             |  USR Pilot  | Dial-Up 14.4-56k, ISDN & LANs |
> > | 89 CRX DX w/MPFI, lots of  |-=*:Quake:*=-| http://www.shreve.net/        |
> > | mods/Homepage coming soon  |LordSignal/SN| Quake server: 208.206.76.47   |
> > \-------------------------- 318-222-2638 x109 -----------------------------/
> > 
> > 
> > 
> 
> Graham Somers
> Systems Administrator
> ICON Internet
> gsomers@icon.co.zw
> http://www.icon.co.zw
> Cell 111 20 20 83
> 
/-------------------------- signal@shreve.net -----------------------------\
| Brian Feeny                | USR TC Hubs | ShreveNet Inc. (318)222-2638  |
| Network Administrator      | Perl, Linux | Web hosting, online stores,   |
| ShreveNet Inc.             |  USR Pilot  | Dial-Up 14.4-56k, ISDN & LANs |
| 89 CRX DX w/MPFI, lots of  |-=*:Quake:*=-| http://www.shreve.net/        |
| mods/Homepage coming soon  |LordSignal/SN| Quake server: 208.206.76.47   |
\-------------------------- 318-222-2638 x109 -----------------------------/
Received on Sun Feb 08 1998 - 08:52:59 MST
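
The two rule sets quoted above, modelled as an added example (not code from the original post or from Squid): it traces where a packet arriving on Ethernet0 ends up and flags sources the router policy-routes to the proxy that no ipfwadm redirect rule covers. The function names are hypothetical, and the model assumes that a packet matching no `-r` rule is simply not handed to squid.

```python
# Added example: simplified model of the Cisco and ipfwadm rules in the post.
import ipaddress

WWW = 80

# access-list 110 (tcp ... eq www): first match wins, implicit deny at the end.
ACL_110 = [
    ("deny",   ipaddress.ip_network("208.206.76.44/32")),  # the squid box itself
    ("permit", ipaddress.ip_network("0.0.0.0/0")),         # any other source
]

# Source networks of the "ipfwadm -I -a accept -r" rules from the post.
REDIRECT_SOURCES = [ipaddress.ip_network(n) for n in (
    "208.206.76.0/24", "208.214.44.0/24", "208.214.45.0/24",
    "208.232.62.0/24", "208.232.63.0/24")]

def router_decision(src, dport):
    """'policy-route' if route-map proxy-redir sets the next hop, else 'normal'."""
    if dport != WWW:
        return "normal"                 # ACL 110 only matches destination port www
    addr = ipaddress.ip_address(src)
    for action, net in ACL_110:
        if addr in net:
            # A deny in the ACL means "do not policy-route", not "drop".
            return "policy-route" if action == "permit" else "normal"
    return "normal"

def proxy_decision(src, dport):
    """'redirect' if an input rule with -r hands the packet to the local squid."""
    addr = ipaddress.ip_address(src)
    if dport == WWW and any(addr in net for net in REDIRECT_SOURCES):
        return "redirect"
    return "no-redirect"                # assumption: left to normal input handling

def trace(src, dport):
    """Follow one TCP packet through the router policy and the proxy rules."""
    if router_decision(src, dport) == "normal":
        return "routed normally"
    if proxy_decision(src, dport) == "redirect":
        return "intercepted by squid"
    return "policy-routed to proxy, no redirect rule matches"

if __name__ == "__main__":
    # Constructed sample packets (source address, destination port).
    for src, dport in [("208.206.76.44", 80), ("208.214.44.10", 80),
                       ("208.206.76.10", 443), ("10.1.2.3", 80)]:
        print(f"{src:>15} -> port {dport}: {trace(src, dport)}")
```

The first sample shows why the `deny` line for 208.206.76.44 matters: without it, squid's own outbound fetches would be sent back to the proxy.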