Re: [squid-users] cisco ios 11.1 and squid do not work transp mode

Ok. Here is a small test protocol you can try to isolate where your problems
may be:

1. Set up a station on the same LAN segment as the proxy.

2. Remove all interception rules from your routers and proxy

3. From the Squid server, try to browse without using a proxy (use lynx if
you do not have X running). If this do not work then something is wrong with
the networking setup of your proxy server.

4. Start Squid

5. Configure your browser to use Squid as proxy. If this do not work then the
Squid setup is not correct.

6. Install the TCP/IP interception rules on the Squid server.

7. Can you still browse? If not then the interception rules are invalid.

8. Reconfigure the station to use the Squid server as default gateway, and
take away any proxy settings from your browser.

9. Try to browse. If it works, and your requests appear in Squid's access log
then the everything is correct so far. If it hangs and times out then
interception rules are not correct. If a Squid error message is returned then
your squid.conf is not correctly set.

10. Install the interception rules in your router.

11. Can you still browse? If not, then your router rule intercepts Squid when
Squid is trying to reach the internet... review your router rules.

12. Verify that you can browse from a station on the other "correct" side of
the router, and that the requests appears in Squid's access.log. If not then
your router interception rules are not correct.

Regards
Henrik Nordström
Squid Developer

Luiz Felipe Ceglia wrote:
> Hi,
>
> >What are your interception rules on the Squid host?
>
> The interceptio rules where the rules found in the squid faq.
> I addedd ipchains to listen on port 80 and redirect to squid on 3128.
>
> >Do you get a reply, or do the request time out?
>
> I guess a timeout.
>
> >Do you see redirected packets if you run "tcpdump -p" on the Squid host?
>
> Never tried this.
>
>
> I've read somewhere that I needed ipfilters (squid, when compiling
> complains about it) to redirect from external routers.
>
> Thank you,
>
> >Regards
> >Henrik Nordström
> >
> >Luiz Felipe Ceglia wrote:
> >> Hi Folks,
> >>
> >> I have a cisco router which I would like to redirect my port 80
> >> requests to a squid machine.
> >>
> >> My cisco has IOS 11.1 and Squid 2.4.STABLE4
> >>
> >> I've done what is told in the part 17 of the squid faq, both in cisco
> >> and squid.conf.
> >>
> >> I tried to redirect port 80 -> 3128 and even put squid listening on
> >> port 80.
> >>
> >> Nothing happens on squid's access.log.
> >>
> >> With iptraf I see:
> >>
> >> t01p04.domain.com.br:1309
> >> 209.126.181.226:www
> >>
> >> while t01p4 is one of the hosts I want to transparent proxy to.
> >>
> >> Would anyone know what is wrong?
> >>
> >> PS: This very squid is working transparently for a localnet, for
> >> which this machine is the gateway.
> >>
> >> Thank you,
> >> --
> >> Luiz Felipe Ceglia - Staff TereNet
> >> lceglia@terenet.com.br - +55-21-9135-3679
Received on Wed Mar 27 2002 - 09:49:20 MST