hi list:
i have just installed my Squid server and it's working beautifully, in the traditional proxy config.. but now i wanna engage transparent proxying...
i have tried using the ip_gre module, but my machine won't accept the creation of the gre1 interface.. attempts to download IPTunnel have been futile as well...
so i have tried to compile the ip_wccp module, and got it to work with my kernel.. as in, i was able to load it using modprobe.... although am not exactly sure if it the normal one.. :-)...
i have setup my configz on the squid box as follows:
/etc/squid.conf
http_port 3128
cache_mem 32 MB
cache_dir ufs /var/squid/cache 100 16 256
cache_access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log
debug_options ALL,1
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
reference_age 3.5 days
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access deny all
icp_access allow all
miss_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 1.1.1.1
/sbin/ipchains
$IPCHAINS -A input -s 216.250.215.0/24 80 -d 0/0 -p tcp -j REDIRECT 3128
Cisco 3640 router
conf t
ip wccp enable
!
ip wccp redirect-list 1
!
int e0
ip addresses 1.1.1.1 255.255.255.0
ip web-cache redirect
!
access-list 1 permit 192.168.0.0 255.255.255.0
I am running Squid 2.3 on Linux 2.2.19-SMP... is there something i could have missed.. please advise..
much appreciated.. thanks..
regards... AKNIT
_____________________________________________________________
Be different Get yourself a Globenetcafe.net email ID
Uganda's Newest internet cafe www.globenetcafe.net
Received on Fri Aug 10 2001 - 23:42:08 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:34 MST