At 12:22 03.06.99 -0500, Carlos Diaz wrote:
>Hi list I'm new on linux so please don't kick me.
>
>I'm trying to set up my cisco router to do transparent proxy. I'm using the
>serial 0 to connect to my ISP and ethernet 0 for my lan. This is the
>configuration that I have in my router where *.*.*.* is the ip of my linux
>server.

I've used a similar setup myself (cisco for redirect, squid as transparent
proxy, eth0 lan, ser0 uplink); here's the configuration I used:

Cisco:

interface Ethernet0
 ip address *.*.*.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
 ip policy route-map proxy-redirect
 priority-group 1
!
route-map proxy-redirect permit 10
 match ip address 112
 set ip next-hop *.*.*.3
!
access-list 112 deny tcp host *.*.*.3 any
access-list 112 deny tcp *.*.*.0 0.0.0.255 any
access-list 112 permit tcp any any eq www
access-list 112 deny ip any any

Here's the relevant part of squid.conf (Version 2.0.PATCH2)

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Finally the necessary kernel options:

* IP: transparent proxy support (EXPERIMENTAL)
* IP: always defragment

Finally, you should be aware that transparent proxying should be avoided if
possible; it's better to redirect traffic to a static page that tells the
clients to use your proxy.

Reasons:

1) you'll be able to cache traffic to ports != www and protocols like ftp
2) You've got to be very careful with your routing between clients / router
/ squid, some things (like MTU path discovery) won't work there.

Bye, Martin
"you have moved your mouse, please reboot to make this change take effect"
--------------------------------------------------
Martin Bene vox: +43-664-3251047
simon media fax: +43-316-813824-6
Andreas-Hofer-Platz 9 e-mail: mb@sime.com
8010 Graz, Austria
--------------------------------------------------
finger mb@mail.sime.com for PGP public key
Received on Fri Jun 04 1999 - 02:12:50 MDT