Hello All,
Need some help setting up an interception cache. Everything is set up as
below, the requests are getting from the network to ipfilter on the squid
server, but they're not making it to squid, or squid isn't doing anything
with them.
There is no problem with communication from the squid server outbound, and
have reverted back to using a regular cache, which is working fine.
Thanks, any help is greatly appreciated!
--Joe
bash-2.03# uname -a
SunOS cdptproxy 5.7 Generic_106541-14 sun4u sparc SUNW,Ultra-2
bash-2.03# /usr/local/squid/bin/squid -v
Squid Cache: Version 2.4.STABLE2
Built with: ./configure --prefix=/usr/local/squid --enable-ipf-transparent
--enable-storeio=diskd,ufs
Configured ipfilter 3.4.21 on the server:
# Redirect direct web traffic to local web server.
rdr hme0 24.48.58.222/32 port 80 -> 24.48.58.222 port 80 tcp
# Redirect everything else to squid on port 8080
rdr hme0 0.0.0.0/0 port 80 -> 24.48.58.222 port 3128 tcp
bash-2.03# /sbin/ipnat -f /etc/ipnat.rules
bash-2.03# ls -al /devices/pseudo/ipf@0:ipnat
crw-r--r-- 1 root squid 65, 1 Nov 1 22:19
/devices/pseudo/ipf@0:ipnat
bash-2.03# /sbin/ipnat -l
List of active MAP/Redirect filters:
rdr hme0 24.48.58.222/32 port 80 -> 24.48.58.222 port 80 tcp
rdr hme0 0.0.0.0/0 port 80 -> 24.48.58.222 port 3128 tcp
List of active sessions:
Using a policy map on the router to point to the proxy server:
Cisco Internetwork Operating System Software
IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(5a)E, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)
route-map proxy-redirect permit 20
match ip address redirects
set ip next-hop 24.48.58.222
ip access-list extended redirects
deny tcp host 24.48.58.222 any eq www
permit tcp any any eq www
Configured squid per the faq:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Received on Fri Nov 02 2001 - 07:36:19 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:50 MST