[squid-users] Transparent Proxying from a Cisco

From: <Mark.H.Price@dont-contact.us>
Date: Tue, 18 Jun 2002 11:35:00 -0400

Hello list. I am looking for some help.

I have configured a squid proxy with:

httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I set http_port to 80 , and on the Cisco router that is the gateway for
the 10.91.254.0/24 network, we added:

route-map proxy-redirect permit 10
match ip address 110
set ip next-hop 10.91.254.24

(10.91.254.24 is the squid proxy)

access-list 110 deny tcp any any neq www
access-list 110 deny tcp host 10.91.254.24 any
access-list 110 permit tcp any any

interface ethernet2/1
ip policy route-map proxy-redirect

But, when we tried to surf, the transparent proxy did not work for users
on the 10.91.254.0/24 network. Any website we tried to access got no
response.

I also tried moving the squid http_port to 3128, and enabling ip_forward
in /proc/sys/net/ipv4 and using the iptables rule mentioned in part 17 of
the FAQ to redirect port 80 to 3128.. this didn't work either.

Most of the documentation I have read only deals with a proxy
that is on the same machine as the gateway machine.. We want to keep
our Cisco router as the gateway for the network. We are testing this,
and we want to deploy this configuration for about 3000+ users.

I guess the next step if this doesn't work is to try wccp

Any insight, suggestions, or comments would be appreciated!!

Thanks

Mark
Received on Tue Jun 18 2002 - 09:39:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:43 MST