Re: Need help to do transparent proxying

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Fri, 16 Jul 1999 14:49:01 -1000 (HST)

Danny Sinang writes:
> route-map proxy-redirect permit 10
...

  I can't comment on the Cisco config because I haven't set a Cisco up
for proxy before.

> I've configured Squid as follows :
>
> http_port 3128 80
> httpd_accel_server virtual
> httpd_accel_port 8080
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on

Two lines in this part are wrong. The http_port should be just 3128 (if
that's what you're using) and the httpd_accel_port should be 80. Now
see below...

>
>
> QUESTIONS :
>
> 1. Do I need to run ipfwadm ?

Yes, or the equivalent.

The simplest forwarding rules I've seen for Linux are the ones given in
FAQ section 17.4:
<http://squid.nlanr.net/Squid/FAQ/FAQ-17.html#ss17.4>

        # Accept all on loopback
        ipfwadm -I -a accept -W lo
        # Accept my own IP, to prevent loops (repeat for each interface/alias)
        ipfwadm -I -a accept -P tcp -D 208.206.76.44 80
        # Send all traffic destined to port 80 to Squid on port 3128
        ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3128

> 2. Do I need to recompile my kernel ?

If it wasn't built with forwarding enabled, yes.

> 3. What else do I need to do ?

Test - that should be it.
  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Fri Jul 16 1999 - 18:25:10 MDT
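
The port mismatches discussed in this message can be checked mechanically. The following is an added example, not part of the original message or the Squid FAQ: a hypothetical helper, `check_intercept`, that cross-checks a squid.conf against an ipfwadm rules file and reports when `http_port` differs from the redirect target, when `httpd_accel_port` differs from the intercepted port, or when no accept rule precedes the redirect. It assumes one ipfwadm command per line in the rules file.

```shell
#!/bin/sh
# Added example: cross-check squid.conf against the ipfwadm redirect rule.
# check_intercept is a hypothetical helper, not part of Squid or ipfwadm.
# Usage: check_intercept SQUID_CONF RULES_FILE ; prints findings, returns 1 if any.
check_intercept() {
    conf=$1; rules=$2; rc=0
    # Last value of each directive wins; keep the full http_port argument list.
    http_port=$(awk '$1=="http_port"{$1=""; sub(/^ +/,""); v=$0} END{print v}' "$conf")
    accel_port=$(awk '$1=="httpd_accel_port"{v=$2} END{print v}' "$conf")
    # First rule carrying "-r": emit intercepted port, redirect port, and whether
    # an earlier non-redirect rule already accepts that port (the loop guard).
    set -- $(awk '/^[ \t]*#/ {next}
        { r=0; d=0
          for (i=1; i<=NF; i++) { if ($i=="-r") r=i; if ($i=="-D") d=i }
          if (r) { print $(r-1), $(r+1), (($(r-1) in guard) ? 1 : 0); exit }
          if (d) guard[$(d+2)]=1 }' "$rules")
    if [ $# -ne 3 ]; then echo "no redirect (-r) rule found"; return 1; fi
    dport=$1; rport=$2; guarded=$3
    if [ "$http_port" != "$rport" ]; then
        echo "http_port '$http_port' != redirect target $rport"; rc=1
    fi
    if [ "$accel_port" != "$dport" ]; then
        echo "httpd_accel_port '$accel_port' != intercepted port $dport"; rc=1
    fi
    if [ "$guarded" -ne 1 ]; then
        echo "no accept rule for port $dport before the redirect (loop risk)"; rc=1
    fi
    return $rc
}

# Demo: the two port lines posted in the thread, checked against the FAQ 17.4 rules.
tmp=$(mktemp -d)
printf '%s\n' 'http_port 3128 80' 'httpd_accel_port 8080' > "$tmp/squid.conf"
printf '%s\n' 'ipfwadm -I -a accept -W lo' \
    'ipfwadm -I -a accept -P tcp -D 208.206.76.44 80' \
    'ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3128' > "$tmp/rules"
check_intercept "$tmp/squid.conf" "$tmp/rules" || echo "config needs fixing"
rm -rf "$tmp"
```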
