Re: Extremely Transparent Proxy

From: Ahsan Khan <ahsank@dont-contact.us>
Date: Fri, 2 Jun 2000 02:53:48 +0500

No, do not use the wccp.c module; it's not practical for me at least. I used the
ip_gre.c patch for the Linux kernel, available from the squid home page.

First apply the patch and make your Linux ready for transparent proxy,
and then just compile squid with WCCP support. It will work great.

With Regards
Ahsan Khan
Sr. System Admin
Internet Division (OneNet)
Sun Communication Pvt. Ltd.
Pakistan
http://www.one.net.pk

----- Original Message -----
From: "Diegmueller, Jason (I.T. Dept)" <diegmuej@stifel.com>
To: "'Ahsan Khan'" <ahsank@one.net.pk>
Sent: Friday, June 02, 2000 1:27 AM
Subject: RE: Extremely Transparent Proxy

> Ah, you're right. I like the looks of WCCP, and it doesn't
> appear to be harming the load on the RSM at all.
>
> Question, though: I'm running Linux (2.2.14) and cannot get
> this damned WCCP module referred to in the FAQ to compile. Is
> there a precompiled module I could just insert?
>
> The problem seems to be in the #include <net/ip.h> (there is
> not ip.h under /usr/include/ip.h) so I went ahead and changed
> it to <netinet/ip.h> (where the file really is) and no go.
>
> Your thoughts?
>
> : -----Original Message-----
> : From: Ahsan Khan [mailto:ahsank@one.net.pk]
> : Sent: Wednesday, May 31, 2000 3:56 PM
> : To: Diegmueller, Jason (I.T. Dept); squid-users@ircache.net
> : Subject: Re: Extremely Transparent Proxy
> :
> :
> : WCCP Support and bind the squid with Both Interfaces.
> :
> :
> : With Regards
> : Ahsan Khan
> : Sr. System Admin
> : Internet Division (OneNet)
> : Sun Communication Pvt. Ltd.
> : Pakistan
> : http://www.one.net.pk
> :
> :
> : ----- Original Message -----
> : From: "Diegmueller, Jason (I.T. Dept)" <diegmuej@stifel.com>
> : To: <squid-users@ircache.net>
> : Sent: Thursday, June 01, 2000 12:39 AM
> : Subject: Extremely Transparent Proxy
> :
> :
> : > Squid Users--
> : >
> : > I have searched the archives, and can't seem to find anyone else who has
> : > looked at doing thing.
> : >
> : > I'm reasonably familiar with squid, and extremely familiar with Linux.
> : > The other day, I spent a few minutes setting up a Transparent Proxy. It
> : > worked great in testing, I'm now looking at things from a network design
> : > aspect.
> : >
> : > Our company is looking in to putting a squid machine in front of a HEAVILY
> : > loaded web server ("Intranet Server"). The web server connects directly
> : > to a Cisco Catalyst 5505 switch with both NICs utilizing HP's EtherChannel
> : > implementation ("EtherTeaming"). This effectively doubles bandwidth and
> : > provides hardware fault tolerance in a way on both the Catalyst (should a
> : > port go) and on the server (should a NIC go).
> : >
> : > My original plan (before I started really looking to squid as a transparent
> : > proxy) was to utilize Linux's bonding driver to achieve 200Mb to the Linux
> : > box, and 200Mb to the HP Server (thus, 4 NICs). Unfortunately, I'm limited
> : > to only one instance of the bonding.o driver. So I'll just do 200Mb to the
> : > switch, and 100Mb to the server. Not too big of a deal. If someone knows a
> : > workaround, let me know.
> : >
> : > The question comes in here:
> : > If I'm using a two-interface solution, obviously I'm going to have to route
> : > between the "outside" and the "inside" interface. If I do this, I'm
> : > seriously messing with addressing scheme of things here. I'd have to
> : > create a whole new IP network for this Intranet server, and somehow
> : > advertise it to the rest of my network (we use EIGRP, so I'd probably have
> : > to use zebra and redistribute RIPv2 in to EIGRP) .. it would be ugly.
> : >
> : > Another option I thought was that I could renumber the Intranet box, do
> : > ipmasq, and simply forward every single port to the Intranet machine. But
> : > again, that's reasonably "ugly".
> : >
> : > So is there any "clean" way to implement an almost INVISIBLE proxy server?
> : > Perhaps do bridging between the "outside" and "inside" interfaces, but still
> : > have the ability to hijack requests to TCP port 80 and deliver them to
> : > squid?
> : > Has anyone done anything like this before? If so, do share. If not, think
> : > I'm on the right path? Does this sound feasible?
> : >
> : > I'd just like to implement a squid proxy WITHOUT having to redesign a lot
> : > of things (and in the process piss off the systems team). I considered doing
> : > a route-map on the Cat5505's RSM but when I was playing around with that
> : > yesterday load went through the roof (this is an awfully busy Catalyst).
> : >
> : > Insight, thoughts, and expertise is appreciated. Thanks!
> : >
> :
>
Received on Thu Jun 01 2000 - 15:52:28 MDT
