transparent squid on Solaris+cisco.

From: CyberPsychotic <mlists@dont-contact.us>
Date: Fri, 27 Nov 1998 12:46:16 +0500 (KGT)

Hello people,
 here I am trying to configure a transparent proxy on a Solaris machine, using
a Cisco router to redirect all the web traffic to the Solaris machine.
The setup is as follows:

---------------+---------LAN--------------+-------------+---
        _______|__________         _______|_____      __|__   |-- office
       | sun_box with ipf |       |cisco router |    |Linux|--|machines
       |                  |       |             |    |     |  |(another LAN)
       | here I run squid |       |             |    | masq|  |--internal IPs
       | and ipf with nat |        ~~~~~~~|~~~~~                  only
       ~~~~~~~~~~~~~~~~~~~~               | Serial/FRAME-RELAY link.

On the Cisco I have set 'next-hop' so that all packets sent to any host, port 80,
should go to the Solaris machine, i.e. the Cisco redirects all the web traffic to
sun_box.

On the sun_box machine I have NAT configured (with ipf) like this:

all packets sent to SOL.MACHINE.ETH.IP:80 go to 127.0.0.1
all packets sent to 0.0.0.0:80 go to SOL.MACHINE.ETH.IP:3128

(The problem here is that when I used the loopback address in the latter case, I
was getting the error "connection reset by peer" in the browser right away... ideas?)

The general problem: when I use a browser with no proxy settings, it
downloads sites, but sometimes stops halfway through the file and
reports 'connection is reset by peer', while other times it can
finish downloading just fine. However, sometimes it stops halfway
through and never finishes. I had the feeling that it was a problem with
my link, but when I set the browser to use the proxy explicitly, it
downloads the same site just fine. (I tested this from a client sitting
behind the masqueraded machine, but I was told that a machine with a real IP
behaves the same way as well.)

I was talking to Mr. Quinton Dolan (q@fan.net.au), since I browsed the
list archive and saw that he had responded to a similar kind of post,
and he suggested that it could be either a problem of different MTUs (but I
checked, and all the MTUs have the same value, 1500 bytes) or a problem with
masquerading on the Linux machine, i.e. it could mess up packets or something.
 Well, I did some additional investigation and tried to browse the net from a
box directly connected to the same LAN as Sun_box, and got almost the
same picture. It downloads the first few files fine, but fetches
half or even less of the other files.

I use squid-2, which is configured, compiled and installed exactly as
described in the FAQ (with --enable-ipf-transparent, and all accelerator
options turned on in the conf file).

 I would appreciate it if anyone could share ideas about what could cause this.

 Thanks in advance.

 Fyodor
Received on Fri Nov 27 1998 - 00:55:48 MST