[squid-users] Transparent Proxy on Solaris 9

From: takis poly <poly_pan78@dont-contact.us>
Date: Thu, 27 Dec 2007 16:55:21 +0000

Hi,
I would like to implement a transparent proxy on Sun-Fire-480R machine with Solaris 9 OS, I also use a CISCO Router which doing the redirection of webtraffic into Squid.

I have successfully installed squid-2.6.STABLE9 with the following options

./configure '--localstatedir=/var' '--enable-removal-policies=heap,lru' '--enable-arp-acl' '--enable-ipf-transparent'

I use the ip-filter 3.4.32 for redirecting the webtraffic(port 80) to port 3123

vi /etc/opt/ipf/ipnat.conf

rdr ce0 0.0.0.0/0 port 80 -> 10.0.0.222 port 3123 tcp

and on router I set

route-map proxy-redirect permit 20
 match ip address PROXY-REDIRECT
 set ip next-hop 10.0.0.222

ip access-list extended PROXY-REDIRECT
 deny tcp any any neq www
 deny tcp host 10.0.0.222 any
 permit tcp any any

I can successfully telnet the PROXY from a client on port 80

root@ulysses:/> telnet 10.0.0.222 80
Trying 10.0.0.222...
Connected to 10.0.0.222.
Escape character is '^]'.

But from web-browser I am not able to have access on webpages….and the nat table list the following:

root@isidora:/> ipnat -l
List of active MAP/Redirect filters:
rdr ce0 0.0.0.0/0 port 80 -> 10.0.0.222 port 3123 tcp

List of active sessions:
RDR 10.0.0.222 3123 <- -> 198.133.219.25 80 [10.0.0.15 4322]
RDR 10.0.0.222 3123 <- -> 10.0.0.222 80 [10.0.0.22 51707]

I would appreciate if someone help me?
Has someone configured a transparent proxy on Solaris?

Thanks in advance
Happy new Year

 

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Received on Thu Dec 27 2007 - 09:55:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST