Re: Transparent proxying woes (IOS 11.1(12) on a 4500) from Ahsan Khan on 2000-06-12 (squid-users)

From: Ahsan Khan <ahsank@dont-contact.us>
Date: Mon, 12 Jun 2000 21:47:30 +0500

Please Let me know the Access list ??? What are commands there is it eq or
neq.?

With Regards
Ahsan Khan
Sr. System Admin
Internet Division (OneNet)
Sun Communication Pvt. Ltd.
Pakistan
http://www.one.net.pk

----- Original Message -----
From: "Chris Tilbury" <Chris.Tilbury@warwick.ac.uk>
To: <squid-users@ircache.net>
Sent: Monday, June 12, 2000 7:12 PM
Subject: Transparent proxying woes (IOS 11.1(12) on a 4500)

>
> Wonder if anyone out there can help.
>
> We're trying to get transparent proxying working here with our squid
> installation - 2.2.STABLE5 + henriks patches on a Sun box (SunOS 5.7).
Squid
> is compiled fine with the ipf-transparent option and we have ipf 3.3.16
> loaded up and redirecting via NAT just fine. If I set the default route on
a
> machine to be the squid box, it accepts packets on port 80 and redirects
> them to port 3128, which squid then correctly proccesses.
>
> The problem we're having is in getting those packets to squid in the first
> place, as we can't really set the machine up as our campus default router!
> We have a CISCO box running IOS 11.1(12) and have a policy route-map
> configured as follows:
>
> route-map proxy-redirect permit 10
> match ip address 120
> set ip next-hop 137.205.8.1
>
> This is matching packets (we can tell from the counters) just fine.
However,
> it seems to just be sending ICMP Redirect messages back to clients telling
> them to go to 137.205.8.1, which is not quite what I expected (which is
for
> the packets just to be sent on there by the CISCO). It also doesn't help
> much, because not many things appear to cope with these. My Windows PC
seems
> to ignore them, at least.
>
> Assuming this isn't what's supposed to happen, any CISCO wizards out there
> having done this before have any idea what could be going on here? The
> online docs for this topic at cisco.com talk about packets being only sent
> on to "adjacenct" routers, which is a bit above my head ....
>
>
>
>
>
>
> Chris
>
> --
> Chris Tilbury, IT Services, University of Warwick, Coventry, UK
> PHONE: 024 7652 3365 / FAX: 024 7652 2367 / MAIL:
> Chris.Tilbury@warwick.ac.uk
>
Received on Mon Jun 12 2000 - 10:45:04 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:00 MST