- Posts: 158
- Thank you received: 1
Transparent Proxy
12 years 9 months ago #37820
by skylimit
"...you are never too old to learn" anon
Transparent Proxy was created by skylimit
Hi guys, I was just wondering if anyone's configured a squid proxy using WCCP and a linux server. I cant seem to work out how to install/integrate wccp when installing squid.
In other words, is WCCP/WCCPv2 installed separately? If so, how? Or do you just do something like --enable-wccp during build? The latter didn't seem to work for me as after installation i did a squid -v | grep -i wccp and got nothing
any contributions appreciated.
thanks
In other words, is WCCP/WCCPv2 installed separately? If so, how? Or do you just do something like --enable-wccp during build? The latter didn't seem to work for me as after installation i did a squid -v | grep -i wccp and got nothing
any contributions appreciated.
thanks
"...you are never too old to learn" anon
12 years 9 months ago #37821
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Transparent Proxy
Skylimit,
I've never used WCCP and just read about it - it seems really interesting! While I haven't had any experience on this, I did some research and found the following website which seems to have some useful information, take a look at it and let us know if it helped :
www.sublime.com.au/squid-wccp/
Good luck!
I've never used WCCP and just read about it - it seems really interesting! While I haven't had any experience on this, I did some research and found the following website which seems to have some useful information, take a look at it and let us know if it helped :
www.sublime.com.au/squid-wccp/
Good luck!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
12 years 9 months ago - 12 years 9 months ago #37829
by skylimit
"...you are never too old to learn" anon
Replied by skylimit on topic Re: Transparent Proxy
Thanks for the link Chris.
I stumbled on that link as well during my google search but got a bit confused at a point.
One thing I find confusing on that link is that wccp is enabled when building squid
BEFORE it is compiled. Thought it would have been the other way round. Will go through it again though and post if I get stuck.
Different question:
Have you any experience redirecting http requests to a Cisco router on a LAN to a proxy server on the Internet? Have seen a few threads using Policy-Based Routing but can't get it working. Is it "good practise" to have your proxy locally or remotely or it doesn;t really matter.
Thanks again
P.S: installing it on Ubuntu 11.04
I stumbled on that link as well during my google search but got a bit confused at a point.
One thing I find confusing on that link is that wccp is enabled when building squid
Code:
/configure --prefix=/usr/local --enable-wccp --enable-linux-netfilter --enable-async-io
BEFORE it is compiled. Thought it would have been the other way round. Will go through it again though and post if I get stuck.
Code:
gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe -mpreferred-stack-boundary=2 -march=i686 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -c -o ip_wccp.o ip_wccp.c
Different question:
Have you any experience redirecting http requests to a Cisco router on a LAN to a proxy server on the Internet? Have seen a few threads using Policy-Based Routing but can't get it working. Is it "good practise" to have your proxy locally or remotely or it doesn;t really matter.
Thanks again
P.S: installing it on Ubuntu 11.04
"...you are never too old to learn" anon
Last edit: 12 years 9 months ago by skylimit.
12 years 9 months ago #37832
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Transparent Proxy - Cisco Policy Based Routing
Skylimit,
I always configure the proxy locally and rarely use Cisco Policy Base Routing for this purpose, however I believe it can be done.
What you can do is configure the router to accept HTTP packets only from the proxy, that way 'smart' clients removing their proxy from the browser's settings will be left without Internet and forced to use the proxy.
Alternatively as you mentioned, policy based routing (PBR)is another solution.
If you have any problems with PBR, let us know so we can help you with the configuration.
p.s PBR is extremely powerful - if you haven't played with it, I highly suggest you try it as it can be used in many different scenarios.
I always configure the proxy locally and rarely use Cisco Policy Base Routing for this purpose, however I believe it can be done.
What you can do is configure the router to accept HTTP packets only from the proxy, that way 'smart' clients removing their proxy from the browser's settings will be left without Internet and forced to use the proxy.
Alternatively as you mentioned, policy based routing (PBR)is another solution.
If you have any problems with PBR, let us know so we can help you with the configuration.
p.s PBR is extremely powerful - if you haven't played with it, I highly suggest you try it as it can be used in many different scenarios.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
12 years 9 months ago - 12 years 9 months ago #37841
by skylimit
"...you are never too old to learn" anon
Replied by skylimit on topic Re: Transparent Proxy - Cisco Policy Based Routing
I have put WCCP with Squid on hold for the moment as my IOS doesn't support it.
Tried using PBR without luck. I suspect my access lists are conflicting as I can see matches. Also, the proxy listens on port 3128 so I'm not sure whether to use a static NAT or not?
I will post the config as soon as I can but it's something like this
thanks
Tried using PBR without luck. I suspect my access lists are conflicting as I can see matches. Also, the proxy listens on port 3128 so I'm not sure whether to use a static NAT or not?
I will post the config as soon as I can but it's something like this
Code:
!
!
!
interface fa0/2
Description WAN interface
ip address 192.168.x.x 255.255.255.0
ip access-group 101 out
!
!
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 110
access-list 103 deny tcp any any [b]neq[/b] www
access-list 103 permit tcp any any
!
!
route-map PBR permit 10
match ip address 103
set ip next-hop <ip address of proxy server>
!
!
int fa0/0
Description LAN interface
ip policy route-map PBR
!
!
thanks
"...you are never too old to learn" anon
Last edit: 12 years 9 months ago by skylimit.
Time to create page: 0.126 seconds