I can't see any obvious errors.

I would suggest you start by verifying the netfilter operation.

Configure a host on the same LAN segment as the proxy with a host route
for 192.168.0.1 via the proxy server, then

    telnet 192.168.0.1 80
    ENTER SOME JUNK

If the above gives you a Squid error page then the interception is
working just fine.

Hmm.. thinking. Maybe you need to enable IP-forwarding for ipfilter to
work properly.

Regards
Henrik Nordström
Squid Hacker

Joe Kattner wrote:
>
> Hello All,
>
> Need some help setting up an interception cache. Everything is set up as
> below, the requests are getting from the network to ipfilter on the squid
> server, but they're not making it to squid, or squid isn't doing anything
> with them.
>
> There is no problem with communication from the squid server outbound, and
> have reverted back to using a regular cache, which is working fine.
>
> Thanks, any help is greatly appreciated!
>
> --Joe
>
> bash-2.03# uname -a
> SunOS cdptproxy 5.7 Generic_106541-14 sun4u sparc SUNW,Ultra-2
>
> bash-2.03# /usr/local/squid/bin/squid -v
> Squid Cache: Version 2.4.STABLE2
> Built with: ./configure --prefix=/usr/local/squid --enable-ipf-transparent
> --enable-storeio=diskd,ufs
>
> Configured ipfilter 3.4.21 on the server:
> # Redirect direct web traffic to local web server.
> rdr hme0 24.48.58.222/32 port 80 -> 24.48.58.222 port 80 tcp
> # Redirect everything else to squid on port 8080
> rdr hme0 0.0.0.0/0 port 80 -> 24.48.58.222 port 3128 tcp
>
> bash-2.03# /sbin/ipnat -f /etc/ipnat.rules
>
> bash-2.03# ls -al /devices/pseudo/ipf@0:ipnat
> crw-r--r-- 1 root squid 65, 1 Nov 1 22:19
> /devices/pseudo/ipf@0:ipnat
>
> bash-2.03# /sbin/ipnat -l
> List of active MAP/Redirect filters:
> rdr hme0 24.48.58.222/32 port 80 -> 24.48.58.222 port 80 tcp
> rdr hme0 0.0.0.0/0 port 80 -> 24.48.58.222 port 3128 tcp
>
> List of active sessions:
>
> Using a policy map on the router to point to the proxy server:
> Cisco Internetwork Operating System Software
> IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(5a)E, EARLY DEPLOYMENT
> RELEASE SOFTWARE (fc1)
>
> route-map proxy-redirect permit 20
> match ip address redirects
> set ip next-hop 24.48.58.222
>
> ip access-list extended redirects
> deny tcp host 24.48.58.222 any eq www
> permit tcp any any eq www
>
> Configured squid per the faq:
>
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
Received on Sat Nov 03 2001 - 03:15:34 MST
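
The telnet check suggested in the reply can be scripted so it can be re-run after each ipnat or router change. This is an added example, not part of the original thread or of Squid: `classify` and `probe` are hypothetical names, the sample responses are constructed, and it assumes a Squid error reply identifies itself through a `Server: squid...` header, an `X-Squid-Error` header, or the standard error page title. Run it from the test host that has the host route for 192.168.0.1 via the proxy.

```python
import socket

# Constructed sample replies (not captured from the poster's network).
SAMPLE_SQUID = (b"HTTP/1.0 400 Bad Request\r\n"
                b"Server: Squid/2.4.STABLE2\r\n"
                b"Content-Type: text/html\r\n\r\n"
                b"<TITLE>ERROR: The requested URL could not be retrieved</TITLE>")
SAMPLE_ORIGIN = (b"HTTP/1.1 400 Bad Request\r\n"
                 b"Server: Apache\r\n\r\n<html>Bad Request</html>")


def classify(response: bytes) -> str:
    """Return 'squid', 'other' or 'no-reply' for the raw bytes read back."""
    if not response:
        return "no-reply"  # connection accepted, nothing answered
    head, _, _ = response.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        name = name.strip().lower()
        # Assumption: these headers are how a Squid error reply shows itself.
        if name == b"x-squid-error":
            return "squid"
        if name == b"server" and value.strip().lower().startswith(b"squid"):
            return "squid"
    # Headers missing or rewritten: fall back to the error page title.
    if b"The requested URL could not be retrieved" in response:
        return "squid"
    return "other"  # something answered, but it was not the proxy


def probe(host: str = "192.168.0.1", port: int = 80, timeout: float = 5.0) -> str:
    """Connect as telnet would, send junk, classify whatever comes back."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, unreachable or timed out
        return "no-connection"
    data = b""
    with s:
        try:
            s.sendall(b"ENTER SOME JUNK\r\n\r\n")
            while len(data) < 65536:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset mid-read: classify what arrived
    return classify(data)


if __name__ == "__main__":
    print(probe())
```

A result of `squid` means the redirect reached the proxy; `no-connection` or `no-reply` points at the routing or NAT layer rather than at squid.conf.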