[squid-users] Wccp/ transparent proxy/ gmail

From: Santos, Ruben <rsantos@dont-contact.us>
Date: Wed, 7 Nov 2007 14:18:10 -0800

We recently deployed a squid server with tproxy and wccp. I followed some of
the steps listed at
http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY,
compiling tproxy support on iptables, squid, and recompiling the linux
kernel with tproxy support. We are able to browse all sites with, but receive
timeouts after logging into gmail or hotmail. Yahoo mail seems to work.

Can anyone point me in the right direction and tell me what I may be doing
wrong? BTW, we are using PIX for wccp, and have compiled ip_wccp.

Squid Conf:

debug_options ALL,1
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
log_fqdn on
cache_dir ufs /var/spool/squid 2048 16 256
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl EDN src X.X.X.X/X
acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
visible_hostname mirror2.pelco.org
http_access allow all
http_reply_access allow all

visible_hostname mirror2.pelco.org
coredump_dir /var/spool/squid
always_direct allow all
# memory mgmt ----------
#cache_mem 100 MB
#maximum_object_size 10 MB
#-----------------------
cache_effective_user squid

# WCCP
wccp2_router x.x.x.x
wccp2_service standard 0

iptables:
iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128

Received on Wed Nov 07 2007 - 15:18:40 MST