Squid/Cisco/Linux 2.2.x Transparent Proxy Problems

From: Chris Cheney <chris@dont-contact.us>
Date: Wed, 10 Feb 1999 08:47:05 -0600

I am having problems getting transparent proxying to work with a Cisco
AS5200 and Linux/Squid (2.1.2 and 2.2pre1). I have configured Squid
properly (I believe) and have been able to set my browser to proxy to port
80 on the squid cache which works.

Squid has the following options:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
(most of the other options are set to default)

I used the following ipchains command:

ipchains -I input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128 -l
(I probably need an entry to block loops?)

I set up the AS5200 like the following:

int group-async 1
  ip policy route-map squid
route-map squid permit 10
  ip match 110
  set ip next-hop x.x.x.x (address of squid cache)
access-list 110 permit tcp any any eq www

The default gateway is set to ethernet0 and the squid cache is on the
ethernet0 segment along with the gateway router.

When I set up the AS5200 to do policy-based routing, it shows matches:

router#sh route-map
route-map squid, permit, sequence 10
  Match clauses:
    ip address (access-lists): 110
  Set clauses:
    ip next-hop x.x.x.x
  Policy routing matches: 0 packets, 0 bytes

(I just grabbed an example to view; normally the packets/bytes are non-zero)

However, I see no entries in the squid access.log or ipchains kern.log, and
the browser times out trying to request the page.

Does anyone know what might be wrong with my setup?

Thanks,
Chris
Received on Wed Feb 10 1999 - 08:06:40 MST
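
The rule-ordering question raised next to the ipchains command above, as an added example that is not part of the original message: it prints an input-chain rule set in which traffic addressed to the cache host itself is exempted before the catch-all redirect, and models which rule a packet hits first. The cache address 192.0.2.10 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (never runs) an ordered ipchains input-chain rule set.
# 192.0.2.10 and all function names are assumptions, not values from the post.

valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac   # 1 to 3 digits per octet
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

emit_rules() {
    cache_ip=$1 squid_port=${2:-3128}
    valid_ipv4 "$cache_ip" || { echo "bad cache address" >&2; return 1; }
    case $squid_port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$squid_port" -ge 1 ] && [ "$squid_port" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    # ipchains stops at the first matching rule, so the ACCEPT exemptions for
    # the host's own addresses are appended before the catch-all REDIRECT.
    echo "ipchains -A input -p tcp -d 127.0.0.1/32 80 -j ACCEPT"
    echo "ipchains -A input -p tcp -d $cache_ip/32 80 -j ACCEPT"
    echo "ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT $squid_port -l"
}

# Model of that first-match evaluation for one inbound TCP packet.
verdict() {
    dst_ip=$1 dst_port=$2 cache_ip=$3
    [ "$dst_port" = 80 ] || { echo POLICY; return 0; }   # no rule matches
    case $dst_ip in
        127.0.0.1|"$cache_ip") echo ACCEPT ;;    # delivered locally, untouched
        *) echo REDIRECT ;;                      # handed to the Squid port
    esac
}

# Constructed sample: a cache host at documentation address 192.0.2.10.
emit_rules 192.0.2.10 3128
```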