Re: [squid-users] Transparent Proxying from a Cisco

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 21 Jun 2002 23:44:19 +0200

The conf file only says

        If you want virtual port support then specify the port as "0".

I don't see where you made the connection between virtual port support
and transparent proxying. The two are quite different things. But
sure, enabling virtual port support may work for some transparent
proxy setups but is only needed if you redirect more ports than port
80 to the proxy...

Regards
Henrik

On Friday 21 June 2002 16.33, Mark.H.Price@AOC.STATE.NC.US wrote:
> Thanks for the suggestions, I ended up getting it to work with
> "httpd_accel_port 0" as was instructed in the .conf file comments.
> I think my error was using a RedHat RPM for squid instead of
> compiling with --enable-linux-netfilter .. once I did the custom
> compile, it seems to be working great now.
>
> Mark
> ------------------( Forwarded letter 1 follows )---------------------
> Date: Fri, 21 Jun 2002 09:28:48 -0500
> To: Mark.H.Price, squid-users@squid-cache.org
> From: cwhitten@nexband.com
> Reply-To: cwhitten@nexband.com
> Subject: Re: [squid-users] Transparent Proxying from a Cisco
>
> is that a typo on the httpd_accel_port 0?
> it should be httpd_accel_port 80
>
> if it isn't a typo and that is what you have in your squid.conf
> that's the problem. also, what kernel are you using on the
> linux/squid box? what does the output of
> iptables -L -n -t nat
> show and what is your exact iptables ruleset that you load?
>
> another question, did you compile squid with the option
> -enable-linux-netfilter
>
> i just got this working in two locations this week so i am familiar
> with it.
>
> On Tuesday 18 June 2002 10:35 am, Mark.H.Price@AOC.STATE.NC.US wrote:
> > Hello list. I am looking for some help.
> >
> > I have configured a squid proxy with:
> >
> > httpd_accel_host virtual
> > httpd_accel_port 0
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
> > I set http_port to 80 , and on the Cisco router that is the
> > gateway for the 10.91.254.0/24 network, we added:
> >
> > route-map proxy-redirect permit 10
> > match ip address 110
> > set ip next-hop 10.91.254.24
> >
> > (10.91.254.24 is the squid proxy)
> >
> > access-list 110 deny tcp any any neq www
> > access-list 110 deny tcp host 10.91.254.24 any
> > access-list 110 permit tcp any any
> >
> > interface ethernet2/1
> > ip policy route-map proxy-redirect
> >
> >
> > But, when we tried to surf, the transparent proxy did not work
> > for users on the 10.91.254.0/24 network. Any website we tried to
> > access got no response.
> >
> > I also tried moving the squid http_port to 3128, and enabling
> > ip_forward in /proc/sys/net/ipv4 and using the iptables rule
> > mentioned in part 17 of the FAQ to redirect port 80 to 3128..
> > this didn't work either.
> >
> > Most of the documentation I have read only deals with a proxy
> > that is on the same machine as the gateway machine.. We want to
> > keep our Cisco router as the gateway for the network. We are
> > testing this, and we want to deploy this configuration for about
> > 3000+ users.
> >
> > I guess the next step if this doesn't work is to try wccp
> >
> > Any insight, suggestions, or comments would be appreciated!!
> >
> > Thanks
> >
> > Mark
Received on Fri Jun 21 2002 - 15:58:40 MDT
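
Added example, not part of the original thread: a first-match evaluation of access-list 110 as quoted in the original question, showing which packets arriving on ethernet2/1 the route-map hands to the Squid box and why the proxy's own requests are excluded (otherwise they would loop back to it). The function names and the sample packets are constructed for illustration.

```python
from ipaddress import ip_address

SQUID = ip_address("10.91.254.24")  # "set ip next-hop" target from the post

# Each entry: (action, source host or None for "any", dst-port test or None).
ACL_110 = [
    ("deny",   None,  lambda dport: dport != 80),  # deny tcp any any neq www
    ("deny",   SQUID, None),                       # deny tcp host 10.91.254.24 any
    ("permit", None,  None),                       # permit tcp any any
]

def acl_action(proto, src, dport):
    """Return the action of the first matching entry; implicit deny at the end."""
    if proto != "tcp":  # every entry in the list is a tcp entry
        return "deny"
    for action, host, port_test in ACL_110:
        if host is not None and ip_address(src) != host:
            continue
        if port_test is not None and not port_test(dport):
            continue
        return action
    return "deny"

def next_hop(proto, src, dport):
    """An ACL permit matches the route-map clause; a deny leaves normal routing."""
    if acl_action(proto, src, dport) == "permit":
        return str(SQUID)
    return "normal routing"

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source address, destination port).
    samples = [
        ("tcp", "10.91.254.50", 80),   # client web request
        ("tcp", "10.91.254.50", 443),  # client non-www TCP
        ("tcp", "10.91.254.24", 80),   # Squid fetching from the origin server
        ("udp", "10.91.254.50", 53),   # non-TCP traffic
    ]
    for pkt in samples:
        print(pkt, "->", next_hop(*pkt))
```

Only TCP port 80 traffic from hosts other than the proxy is redirected, which matches the case in the reply above where nothing beyond port 80 reaches Squid.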
