Re: Is it possible to implement ipchains and transparent proxy in one system.

From: <kiran@dont-contact.us>
Date: Wed, 10 May 2000 01:52:56 +0530 (IST)

 Thank you for participating. Now I am trying to implement WCCP in Squid
 2.3, but it's not working. I have gone through the FAQs. My configuration is as
 follows.
 
 In router (using 12.0(5)T) cisco 3640:
 
 ip wccp version 1
 ip wccp web-cache
 ip route-cache same-interface
 
 In squid 2.3:
 
 http_port 3128
 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl all src 0.0.0.0/0.0.0.0
 acl allowed_hosts src 202.65.132.0/255.255.255.0
 
 acl SSL_ports port 443 563
 acl Safe_ports port 80 21 443 563 70 210 1025-65535
 acl Safe_ports port 280 # http-mgmt
 acl Safe_ports port 488 # gss-http
 acl Safe_ports port 591 # filemaker
 acl Safe_ports port 777 # multiling http
 acl CONNECT method CONNECT
 
 http_access deny manager all
 http_access allow allowed_hosts
 #http_access allow all
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access deny all
 
 (for transparent proxy)
 =========================
 httpd_accel_host virtual
 httpd_accel_port 80
 httpd_accel_with_proxy on
 httpd_accel_uses_host_header on
 
 for WCCP
 ============
 wccp_router 202.65.132.1
 
 The statistics from my router is as follows:
 
 sh ip wccp
 
 Global WCCP information:
     Router information:
         Router Identifier: 202.65.132.1
         Protocol Version: 1.0
 
     Service Identifier: web-cache
         Number of Cache Engines: 1
         Number of routers: 1
         Total Packets Redirected: 0
         Redirect access-list: -none-
         Total Packets Denied Redirect: 0
         Total Packets Unassigned: 0
         Group access-list: -none-
         Total Messages Denied to Group: 0
         Total Authentication failures: 0
 
 and IPchains in linux box (squid 2.3)
 
 Chain input (policy ACCEPT):
 target prot opt source destination ports
 REDIRECT tcp ------ anywhere anywhere any -> www => 3128
 Chain forward (policy ACCEPT):
 Chain output (policy ACCEPT):
 
> The packets are not being redirected from the router. What could be the
> problem? Once again, thank you for sending me mails to solve the earlier
> problem.
>
> Thanks,
> Kiran
>
> On Mon, 8 May 2000, Henrik Nordstrom wrote:
>
> > Russell Mosemann wrote:
> >
> > > "httpd_accel_port 80" simply means that when squid sees a packet
> > > destined for port 80, it is supposed to accept that packet.
> >
> > No, nothing at all in that direction.
> >
> > What httpd_accel_port says is that when Squid is accelerating a request
> > the origin server listens to port 80. Transparent proxying is in Squid's
> > point of view HTTP server acceleration, the "transparency" is up to the
> > OS to provide and none of Squid's business. Squid does not care much how
> > or if requests appear at its inbound port (default 3128). This is the
> > job of the TCP/IP implementation in the OS where Squid runs.
> >
> > --
> > Henrik Nordstrom
> > Squid hacker
> >
>
>
Received on Tue May 09 2000 - 14:21:50 MDT
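
Henrik's point about httpd_accel_port, as an added example that is not part of the original thread and not Squid's own code: a simplified Python model of how the posted accelerator directives turn an intercepted origin-form request into an absolute URL. The function names, the sample request and the 192.0.2.10 address are constructed, and the Host-header and fallback behaviour is an assumption about how the directives act.

```python
# Simplified model of accelerator-mode URL rebuilding (added example).
ACCEL_PORT = 80          # httpd_accel_port 80 (from the posted config)
USES_HOST_HEADER = True  # httpd_accel_uses_host_header on

# Constructed sample: what a redirected browser request looks like when the
# OS (ipchains REDIRECT) hands it to the proxy's listening port.
SAMPLE_INTERCEPTED = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def parse_request(raw):
    """Return (method, target, headers) from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return method, target, headers


def rebuild_url(raw, orig_dst_ip, accel_port=ACCEL_PORT,
                uses_host_header=USES_HOST_HEADER):
    """Build the origin-server URL for a request seen in accelerator mode.

    orig_dst_ip is the address the client originally dialled (hypothetical
    parameter; the OS supplies it). The proxy's own listening port (3128)
    never appears: accel_port names the port the origin server listens on.
    """
    _method, target, headers = parse_request(raw)
    if not target.startswith("/"):
        return target  # absolute-form: an ordinary proxy request, unchanged
    host = headers.get("host") if uses_host_header else None
    port = accel_port
    if host:
        name, sep, maybe_port = host.rpartition(":")
        if sep and maybe_port.isdigit():
            host, port = name, int(maybe_port)  # explicit port in Host wins
    else:
        host = orig_dst_ip  # "virtual": fall back to the dialled address
    return "http://%s:%d%s" % (host, port, target)


if __name__ == "__main__":
    print(rebuild_url(SAMPLE_INTERCEPTED, "192.0.2.10"))
```

The Host header is supplied by the client, so a URL rebuilt this way is only as trustworthy as the hosts that http_access lets through.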
