[squid-users] Problems with interception cache on Solaris

From: Joe Kattner <joe.kattner@dont-contact.us>
Date: Fri, 2 Nov 2001 09:36:45 -0500

Hello All,

Need some help setting up an interception cache. Everything is set up as
below, the requests are getting from the network to ipfilter on the squid
server, but they're not making it to squid, or squid isn't doing anything
with them.

There is no problem with communication from the squid server outbound, and
have reverted back to using a regular cache, which is working fine.

Thanks, any help is greatly appreciated!

--Joe

bash-2.03# uname -a
SunOS cdptproxy 5.7 Generic_106541-14 sun4u sparc SUNW,Ultra-2

bash-2.03# /usr/local/squid/bin/squid -v
Squid Cache: Version 2.4.STABLE2
Built with: ./configure --prefix=/usr/local/squid --enable-ipf-transparent
--enable-storeio=diskd,ufs

Configured ipfilter 3.4.21 on the server:
# Redirect direct web traffic to local web server.
rdr hme0 24.48.58.222/32 port 80 -> 24.48.58.222 port 80 tcp
# Redirect everything else to squid on port 8080
rdr hme0 0.0.0.0/0 port 80 -> 24.48.58.222 port 3128 tcp

bash-2.03# /sbin/ipnat -f /etc/ipnat.rules

bash-2.03# ls -al /devices/pseudo/ipf@0:ipnat
crw-r--r-- 1 root squid 65, 1 Nov 1 22:19
/devices/pseudo/ipf@0:ipnat

bash-2.03# /sbin/ipnat -l
List of active MAP/Redirect filters:
rdr hme0 24.48.58.222/32 port 80 -> 24.48.58.222 port 80 tcp
rdr hme0 0.0.0.0/0 port 80 -> 24.48.58.222 port 3128 tcp

List of active sessions:

Using a policy map on the router to point to the proxy server:
Cisco Internetwork Operating System Software
IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(5a)E, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)

route-map proxy-redirect permit 20
 match ip address redirects
 set ip next-hop 24.48.58.222

ip access-list extended redirects
 deny tcp host 24.48.58.222 any eq www
 permit tcp any any eq www
Configured squid per the faq:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Received on Fri Nov 02 2001 - 07:36:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:50 MST