On Tue, 13 Aug 2002, Sahil Gupta - Net4U Limited wrote:
> route-map proxy, permit, sequence 10
> Match clauses:
> ip address (access-lists): 110
> Set clauses:
> ip next-hop 210.54.149.172
> Policy routing matches: 4055 packets, 617859 bytes
That looks about like my generic route-maps, although I'm not using them
for transparent proxy... Just vanilla policy-based routing. I assume the
extended ACL '110' only matches ports your proxy is capable of handling
from your origin networks.
> However, whilst listening to port 80 or port 3128 on the proxy I see
> nothing. Yet, when I specify the proxy server's ip in the browser, I see
> lots of stuff in netstat and tcpdump.
Does tcpdump on the machine show anything to any ports? I.e. Other than
80/3128?
From Cisco's whitepaper,
http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm
It may be useful to specify Null0 in an interface list, so that packets
that are dropped can be easily monitored. Take a look at this URL,
http://www.cisco.com/warp/public/105/36.html
Specifically useful,
debug ip packet 110 detail
debug ip policy
This should allow you to see if 'the right thing' is being done on the
router. As usual, be careful with debug commands on production routers...
Play with this in a lab. :)
Good luck,
-Mike
-- "Information is not knowledge, Knowledge is not wisdom, Wisdom is not truth, Truth is not beauty, Beauty is not Love, Love is not music and Music is THE BEST." --Frank ZappaReceived on Tue Aug 13 2002 - 17:43:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:36 MST