Re: [squid-users] Transparent Proxying from a Cisco

From: <Mark.H.Price@dont-contact.us>
Date: Fri, 21 Jun 2002 10:33:00 -0400

Thanks for the suggestions. I ended up getting it to work with
"httpd_accel_port 0", as was instructed in the .conf file comments. I
think my error was using a RedHat RPM for squid instead of compiling
with --enable-linux-netfilter. Once I did the custom compile, it seems
to be working great now.

Mark
------------------( Forwarded letter 1 follows )---------------------
Date: Fri, 21 Jun 2002 09:28:48 -0500
To: Mark.H.Price, squid-users@squid-cache.org
From: cwhitten@nexband.com
Reply-To: cwhitten@nexband.com
Subject: Re: [squid-users] Transparent Proxying from a Cisco

is that a typo on the httpd_accel_port 0?
it should be httpd_accel_port 80

if it isn't a typo and that is what you have in your squid.conf that's the
problem. also, what kernel are you using on the linux/squid box? what does
the output of
iptables -L -n -t nat
show and what is your exact iptables ruleset that you load?

another question, did you compile squid with the option
--enable-linux-netfilter

i just got this working in two locations this week so i am familiar with it.

On Tuesday 18 June 2002 10:35 am, Mark.H.Price@AOC.STATE.NC.US wrote:
> Hello list. I am looking for some help.
>
> I have configured a squid proxy with:
>
> httpd_accel_host virtual
> httpd_accel_port 0
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I set http_port to 80 , and on the Cisco router that is the gateway for
> the 10.91.254.0/24 network, we added:
>
> route-map proxy-redirect permit 10
> match ip address 110
> set ip next-hop 10.91.254.24
>
> (10.91.254.24 is the squid proxy)
>
> access-list 110 deny tcp any any neq www
> access-list 110 deny tcp host 10.91.254.24 any
> access-list 110 permit tcp any any
>
> interface ethernet2/1
> ip policy route-map proxy-redirect
>
>
> But, when we tried to surf, the transparent proxy did not work for users
> on the 10.91.254.0/24 network. Any website we tried to access got no
> response.
>
> I also tried moving the squid http_port to 3128, and enabling ip_forward
> in /proc/sys/net/ipv4 and using the iptables rule mentioned in part 17 of
> the FAQ to redirect port 80 to 3128.. this didn't work either.
>
> Most of the documentation I have read only deals with a proxy
> that is on the same machine as the gateway machine.. We want to keep
> our Cisco router as the gateway for the network. We are testing this,
> and we want to deploy this configuration for about 3000+ users.
>
> I guess the next step if this doesn't work is to try wccp
>
> Any insight, suggestions, or comments would be appreciated!!
>
> Thanks
>
> Mark

--
Chad Whitten
Network/Systems Administrator
neXband Communications
cwhitten@nexband.com
Received on Fri Jun 21 2002 - 08:37:03 MDT
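
The checks asked for in the thread, as an added example (not code from either poster or from the Squid project): it compares the httpd_accel directives and http_port in a squid.conf against saved `iptables -L -n -t nat` output. The function names, file names and sample data are constructed, and it assumes the FAQ-style REDIRECT rule in PREROUTING.

```sh
# Added example, not from the thread. Checks a squid.conf against saved
# `iptables -L -n -t nat` output; file names and sample data are constructed.

conf_value() {  # conf_value FILE DIRECTIVE: first uncommented value
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

redirect_port() {  # port that PREROUTING redirects tcp/80 to, empty if none
    awk '$1 == "Chain" { chain = $2 }
         chain == "PREROUTING" && $1 == "REDIRECT" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) {
                 if ($i == "dpt:80") hit = NR
                 if (hit == NR && $i == "ports") { print $(i + 1); exit }
             }
         }' "$1"
}

# Policy-routed packets keep the web server's destination address; in the
# FAQ-style setup a nat REDIRECT hands them to the port Squid listens on.
audit() {  # audit SQUID_CONF NAT_LISTING: returns 0 when consistent
    conf=$1 rc=0
    port=$(conf_value "$conf" http_port)
    redir=$(redirect_port "$2")
    while read -r key want; do
        got=$(conf_value "$conf" "$key")
        [ "$got" = "$want" ] || { echo "FAIL $key is '$got', want '$want'"; rc=1; }
    done <<EOF
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
    if [ -z "$redir" ]; then
        echo "FAIL no PREROUTING REDIRECT rule for tcp dpt:80"; rc=1
    elif [ "$redir" != "$port" ]; then
        echo "FAIL tcp/80 redirected to $redir but http_port is '$port'"; rc=1
    fi
    echo "INFO httpd_accel_port is '$(conf_value "$conf" httpd_accel_port)'"
    return "$rc"
}

write_samples() {  # constructed sample input, written into directory $1
    printf '%s\n' '# httpd_accel_port 80' 'http_port 3128' \
        'httpd_accel_host virtual' 'httpd_accel_port 0' \
        'httpd_accel_with_proxy on' 'httpd_accel_uses_host_header on' > "$1/squid.conf"
    printf '%s\n' 'Chain PREROUTING (policy ACCEPT)' \
        'target     prot opt source               destination' \
        'REDIRECT   tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:80 redir ports 3128' > "$1/nat.txt"
}

demo=$(mktemp -d) && write_samples "$demo" && audit "$demo/squid.conf" "$demo/nat.txt"
```

On a live box, save the listing first with `iptables -L -n -t nat > nat.txt` and pass it with the real squid.conf to `audit`.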
