Re: Cisco redirection working

From: Brian <signal@dont-contact.us>
Date: Fri, 13 Feb 1998 14:03:18 -0600 (CST)

On Fri, 13 Feb 1998, A.Saeed wrote:

>
> dear how do I know from squid host that my users are going from linux box.
> I have implemented it.
>
> Regards
> arshad

I don't think Im fully understanding what your asking.

Brian

>
>
> On Fri, 13 Feb 1998, Brian wrote:
>
> > On Fri, 13 Feb 1998, A.Saeed wrote:
> >
> > > when I run ipfwadm it says
> > > setsockopt failed : invalid arguments.
> > >
> > > what is the mistake ?
> >
> > Did you compile in transparent proxy support into linux?
> >
> > Are you running v2.3.0 of ipfwadm or later?
> >
> > are you root?
> >
> >
> >
> > > regards
> > > arshad
> > >
> > > On Thu, 12 Feb 1998, Brian wrote:
> > >
> > > > On Thu, 12 Feb 1998, A.Saeed wrote:
> > > >
> > > > >
> > > > > Brian what is the response of your users ?
> > > > > and how is the speed.
> > > >
> > > > I havent told them yet. Its very fast however, we see an average hit rate
> > > > of 40%, and on many sites (aol.com, geocities, microsoft, etc) we see
> > > > 80-90% hit rates, I really like this machine.
> > > >
> > > > Brian
> > > >
> > > >
> > > > > regards
> > > > > arshad
> > > > >
> > > > > On Sat, 7 Feb 1998, Brian wrote:
> > > > >
> > > > > > On Sun, 8 Feb 1998, A.Saeed wrote:
> > > > > >
> > > > > > >
> > > > > > > Could you please lemme know what is the response you are getting by
> > > > > > > implementing this idea.
> > > > > > >
> > > > > >
> > > > > > havnet told users yet, but the cache is geting hit ALOT!
> > > > > >
> > > > > > > regards
> > > > > > > arshad
> > > > > > >
> > > > > > > On Sat, 7 Feb 1998, Brian wrote:
> > > > > > >
> > > > > > > > Many thanks to the following individules and this list for helping me get
> > > > > > > > redirection and transparent proxying working on my Cisco/Linux box.
> > > > > > > >
> > > > > > > > Lincoln Dale
> > > > > > > > Riccardo Vratogna
> > > > > > > > Mark White
> > > > > > > > Henrik Nordstrom
> > > > > > > >
> > > > > > > >
> > > > > > > > First, here is what I added to my Cisco:
> > > > > > > >
> > > > > > > > !
> > > > > > > > interface Ethernet0
> > > > > > > > description To Office Ethernet
> > > > > > > > ip address 208.206.76.1 255.255.255.0
> > > > > > > > no ip directed-broadcast
> > > > > > > > no ip mroute-cache
> > > > > > > > ip policy route-map proxy-redir
> > > > > > > > !
> > > > > > > > access-list 110 deny tcp host 208.206.76.44 any eq www
> > > > > > > > access-list 110 permit tcp any any eq www
> > > > > > > > route-map proxy-redir permit 10
> > > > > > > > match ip address 110
> > > > > > > > set ip next-hop 208.206.76.44
> > > > > > > >
> > > > > > > >
> > > > > > > > My squid box runs Linux, so I had to do the following on it:
> > > > > > > >
> > > > > > > > my kernel (2.0.33) config looks like this:
> > > > > > > >
> > > > > > > > #
> > > > > > > > # Networking options
> > > > > > > > #
> > > > > > > > CONFIG_FIREWALL=y
> > > > > > > > # CONFIG_NET_ALIAS is not set
> > > > > > > > CONFIG_INET=y
> > > > > > > > CONFIG_IP_FORWARD=y
> > > > > > > > CONFIG_IP_MULTICAST=y
> > > > > > > > CONFIG_SYN_COOKIES=y
> > > > > > > > # CONFIG_RST_COOKIES is not set
> > > > > > > > CONFIG_IP_FIREWALL=y
> > > > > > > > # CONFIG_IP_FIREWALL_VERBOSE is not set
> > > > > > > > CONFIG_IP_MASQUERADE=y
> > > > > > > > # CONFIG_IP_MASQUERADE_IPAUTOFW is not set
> > > > > > > > CONFIG_IP_MASQUERADE_ICMP=y
> > > > > > > > CONFIG_IP_TRANSPARENT_PROXY=y
> > > > > > > > CONFIG_IP_ALWAYS_DEFRAG=y
> > > > > > > > # CONFIG_IP_ACCT is not set
> > > > > > > > CONFIG_IP_ROUTER=y
> > > > > > > >
> > > > > > > >
> > > > > > > > Then some ipfwadm stuff, redirecting
> > > > > > > >
> > > > > > > > ipfwadm -I -a accept -r -P tcp -S 208.206.76.0/24 -D any/0 www
> > > > > > > > ipfwadm -I -a accept -r -P tcp -S 208.214.44.0/24 -D any/0 www
> > > > > > > > ipfwadm -I -a accept -r -P tcp -S 208.214.45.0/24 -D any/0 www
> > > > > > > > ipfwadm -I -a accept -r -P tcp -S 208.232.62.0/24 -D any/0 www
> > > > > > > > ipfwadm -I -a accept -r -P tcp -S 208.232.63.0/24 -D any/0 www
> > > > > > > >
> > > > > > > > (the above networks are our users dial-in pools, and our lan)
> > > > > > > >
> > > > > > > >
> > > > > > > > and the squid is configured as:
> > > > > > > >
> > > > > > > > http_port 80
> > > > > > > > icp_port 3130
> > > > > > > > httpd_accel virtual 80
> > > > > > > > httpd_accel_with_proxy on
> > > > > > > >
> > > > > > > >
> > > > > > > > This works great. Many thanks.
> > > > > > > >
> > > > > > > > Brian
> > > > > > > >
> > > > > > > >
> > > > > > > > /-------------------------- signal@shreve.net -----------------------------\
> > > > > > > > | Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
> > > > > > > > | Network Administrator | Perl, Linux | Web hosting, online stores, |
> > > > > > > > | ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
> > > > > > > > | 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
> > > > > > > > | mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
> > > > > > > > \-------------------------- 318-222-2638 x109 -----------------------------/
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > > /-------------------------- signal@shreve.net -----------------------------\
> > > > > > | Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
> > > > > > | Network Administrator | Perl, Linux | Web hosting, online stores, |
> > > > > > | ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
> > > > > > | 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
> > > > > > | mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
> > > > > > \-------------------------- 318-222-2638 x109 -----------------------------/
> > > > > >
> > > > > >
> > > > >
> > > >
> > > > /-------------------------- signal@shreve.net -----------------------------\
> > > > | Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
> > > > | Network Administrator | Perl, Linux | Web hosting, online stores, |
> > > > | ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
> > > > | 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
> > > > | mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
> > > > \-------------------------- 318-222-2638 x109 -----------------------------/
> > > >
> > > >
> > >
> >
> > /-------------------------- signal@shreve.net -----------------------------\
> > | Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
> > | Network Administrator | Perl, Linux | Web hosting, online stores, |
> > | ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
> > | 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
> > | mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
> > \-------------------------- 318-222-2638 x109 -----------------------------/
> >
> >
>

/-------------------------- signal@shreve.net -----------------------------\
| Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
| Network Administrator | Perl, Linux | Web hosting, online stores, |
| ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
| 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
| mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
\-------------------------- 318-222-2638 x109 -----------------------------/
Received on Fri Feb 13 1998 - 12:31:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:53 MST