[squid-users] squid with wccp on solaris from James Zhao on 2004-03-15 (squid-users)

From: James Zhao <jzhao@dont-contact.us>
Date: Mon, 15 Mar 2004 09:50:41 -0500

Hello,

I am trying to build a squid server on solaris 8 for wccp, but It doesn't
seems to work yet, here is what I did so far and I am hoping someone can
point out the problem:

1. compiled squid 2.5STABLE5 with enable-ipf-transparent, the squid is
configured so that it redirects all request to one URL,

squid.conf:

http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

wccp_router 167.206.45.97

cache_effective_user nobody
cache_effective_group nogroup
store_avg_object_size 2 KB

cache_dir ufs /opt/squid-2.5.STABLE5/cache 1000 16 256
cache_access_log /var/log/localhost/squid/access.log
cache_log /var/log/localhost/squid/cache.log
cache_store_log /var/log/localhost/squid/store.log
icon_directory /opt/squid-2.5.STABLE5/share/icons
error_directory /opt/squid-2.5.STABLE5/share/errors/English
mime_table /opt/squid-2.5.STABLE5/etc/mime.conf
pid_filename /opt/squid-2.5.STABLE5/logs/squid.pid
unlinkd_program /opt/squid-2.5.STABLE5/libexec/unlinkd

redirect_program /usr/local/asqredir/asqredir /usr/local/asqredir/urls.txt
redirect_children 5

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563 22
acl Safe_ports port 7001 80 21 22 443 563 70 210 1025-65535
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
miss_access allow all
icp_access allow all

2. installed ipf version 3.4.32

ipnat config file:

rdr bge0 0.0.0.0/0 port 80 -> 167.206.45.99 port 8080 tcp

output for ipnat -l:

#ipnat -l
List of active MAP/Redirect filters:
rdr bge0 0.0.0.0/0 port 80 -> 167.206.45.99 port 8080 tcp

List of active sessions:

The network guy told me that the cisco router sees the wccp server (my squid
server) ok and they can communicate, but when I open a web browser on a
server which connects to this cisco router, it just times out every time. It
didn't get to the redirected URL as I wanted. ( I was snooping on the squid
server and didn't see any incoming packets from the cisco router, but not
sure if the snoop works under ipf ).

Thanks for your help.

James Zhao
Received on Mon Mar 15 2004 - 07:50:54 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST