----- Original Message -----
From: "Ina Patricia Lopez" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 08, 2000 02:39 PM
Subject: [plug] transparent proxy


> i have this config on my cisco 2511 router:

> route-map proxy-redirect permit 10
>   match ip address 110
>   set ip next-hop <ip_of_redhat_with_squid>

correct

>
> access-list 110 deny tcp any any neq www
> access-list 110 deny tcp host <ip_of_redhat_with_squid> any
> access-list 110 permit tcp any any

I'll make it simple:

access-list 110 deny tcp host <ip_of_redhat_with_squid> any eq www
access-list 110 permit tcp any any eq www

> interface eth0
>   ip policy route-map proxy redirect

missing "-" (minus sign) between proxy and redirect, since what you declared
above is "proxy-redirect"

interface eth0
    ip policy route-map proxy-redirect

> -----------------------------------------------
> i compiled squid with enable-ipf-transparent.
> part of my squid.conf:

not necessarily for linux, enable-ipf-transparent is for BSD ipf firewall
program only.

> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on

correct

> after applying the route map to router's E0,
> wstns can't access any web site.
>
> can you pls. help me ?

you didn't *redirect* the forwarded packets from the router to your redhat
box.
use ipchains to redirect the hijacked port 80 to 3128. for example:

        /sbin/ipchains -A input -p tcp -d 0/0 80 -j REDIRECT 3128

and if your proxy server is at the same time an *http server*, include this
*before* the above ipchains rule:

        /sbin/ipchains -A input -p tcp -d 127.0.0.1 80 -j ACCEPT
        /sbin/ipchains -A input -p tcp -d <ip_of_redhat_with_squid> 80 -j ACCEPT

and don't forget to enable IP_FORWARDING in the /etc/sysconfig/network file:
    FORWARD_IPV4=yes

fooler.

DISCLAIMER: My views are my own and not necessarily my employer's
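
The packet path discussed in this message, modelled as an added example that is not part of the original e-mail: first-match evaluation of access-list 110 (as posted and as simplified) feeding the route-map, then the ipchains input rules on the Squid box in the order given. The addresses are constructed documentation-range values and the function names are hypothetical.

```python
# Constructed addresses (documentation range); not taken from the thread.
SQUID = "192.0.2.10"
CLIENT = "192.0.2.50"
WWW = 80

def acl_match(acl, src, dport):
    """First-match evaluation of an extended ACL, with the implicit deny at the end."""
    for action, src_host, op, port in acl:
        if src_host not in ("any", src):
            continue                      # source does not match this entry
        if op == "eq" and dport != port:
            continue
        if op == "neq" and dport == port:
            continue
        return action == "permit"
    return False                          # implicit "deny any any"

# access-list 110 as originally posted (three entries).
ORIGINAL = [("deny", "any", "neq", WWW),
            ("deny", SQUID, None, None),
            ("permit", "any", None, None)]
# access-list 110 as simplified in the reply (two entries).
SIMPLIFIED = [("deny", SQUID, "eq", WWW),
              ("permit", "any", "eq", WWW)]

def next_hop(acl, src, dport):
    """route-map proxy-redirect: ACL-permitted packets go to Squid, the rest route normally."""
    return "squid" if acl_match(acl, src, dport) else "normal"

def input_chain(dst, dport, also_web_server=False):
    """ipchains input rules on the Squid box, evaluated in the order given in the reply."""
    if also_web_server and dst in ("127.0.0.1", SQUID) and dport == WWW:
        return "ACCEPT"                   # the box's own http server keeps port 80
    if dport == WWW:
        return "REDIRECT 3128"            # intercepted web traffic is handed to Squid
    return "default policy"

if __name__ == "__main__":
    for src, dport in [(CLIENT, 80), (CLIENT, 443), (SQUID, 80), (SQUID, 25)]:
        print(src, dport, next_hop(ORIGINAL, src, dport), next_hop(SIMPLIFIED, src, dport))
    print(input_chain("198.51.100.7", 80))
    print(input_chain(SQUID, 80, also_web_server=True))
```

Both forms of the ACL give the same routing decision for every sample packet; the entry that denies the Squid host is what keeps the proxy's own outbound requests from being policy-routed back to itself.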
