Cisco redirection working from Brian on 1998-02-07 (squid-users)

From: Brian <signal@dont-contact.us>
Date: Sat, 7 Feb 1998 21:08:41 -0600 (CST)

Many thanks to the following individules and this list for helping me get
redirection and transparent proxying working on my Cisco/Linux box.

Lincoln Dale
Riccardo Vratogna
Mark White
Henrik Nordstrom

First, here is what I added to my Cisco:

!
interface Ethernet0
description To Office Ethernet
ip address 208.206.76.1 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
ip policy route-map proxy-redir
!
access-list 110 deny tcp host 208.206.76.44 any eq www
access-list 110 permit tcp any any eq www
route-map proxy-redir permit 10
match ip address 110
set ip next-hop 208.206.76.44

My squid box runs Linux, so I had to do the following on it:

my kernel (2.0.33) config looks like this:

#
# Networking options
#
CONFIG_FIREWALL=y
# CONFIG_NET_ALIAS is not set
CONFIG_INET=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_SYN_COOKIES=y
# CONFIG_RST_COOKIES is not set
CONFIG_IP_FIREWALL=y
# CONFIG_IP_FIREWALL_VERBOSE is not set
CONFIG_IP_MASQUERADE=y
# CONFIG_IP_MASQUERADE_IPAUTOFW is not set
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_ALWAYS_DEFRAG=y
# CONFIG_IP_ACCT is not set
CONFIG_IP_ROUTER=y

Then some ipfwadm stuff, redirecting

ipfwadm -I -a accept -r -P tcp -S 208.206.76.0/24 -D any/0 www
ipfwadm -I -a accept -r -P tcp -S 208.214.44.0/24 -D any/0 www
ipfwadm -I -a accept -r -P tcp -S 208.214.45.0/24 -D any/0 www
ipfwadm -I -a accept -r -P tcp -S 208.232.62.0/24 -D any/0 www
ipfwadm -I -a accept -r -P tcp -S 208.232.63.0/24 -D any/0 www

(the above networks are our users dial-in pools, and our lan)

and the squid is configured as:

http_port 80
icp_port 3130
httpd_accel virtual 80
httpd_accel_with_proxy on

This works great. Many thanks.

Brian

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:48 MST