Anant, I've been using Squid/WCCP for transparently proxying about 800 PCs for a while now - you have to dig about for all the correct bits, but it's very slick when you finally get it right. My config is:
- Redhat 7.2 with minimum packages
- 2.4.18 kernel with v1.3 source for ip_wccp.c from: http://www.squid-cache.org/WCCP-support/Linux (if you run the 2.4.18 WCCPv2 patch from http://squid.visolve.com/developments/wccpv2.htm first, it sets up all the config makefile and help hooks so you can see it in menuconfig)
- squid2.5STABLE3 with the visolve_wccpv2-s2_5.patch from: http://devel.squid-cache.org/projects.html#visolve_wccpv2
- squidGuard 1.2.0 (using Berkeley DB 3.3.11 for the blacklist database) - If you have to implement a Corporate Internet Usage policy, this is very fast and flexible
- iptables 1.2.8 userspace utilities and a single redirection:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
- OpenSSH, webmin
- Cisco routers with IOS 12.1T

I've only arrayed up to 4 PCs (Compaq 350 through 1.4 with 256-512MB) at a time to test the load balancing features and more importantly the ability to pull a box without getting loads of complaints, but I'm sure there are others out there who have done more and can comment further about limitations etc (Henrik probably).

I only looked at WCCP as an interim stopgap because of the problems with maintaining/supporting manual configurations across 15+ locations, 2 Internet links, proxy-sensitive IEAK-hating software like Tarantella, and proxy.pac functions like myipaddress() breaking on some Win2k machines (.NET I think) but these squid boxes are now some of the lowest maintenance systems we have. I use a standard config which handles configured clients on port 3128 and transparently proxies any other port 80 traffic at the same time.

The only funny that I've found with it is that on one of my routers where I'm intercepting outgoing browser traffic that arrives already tunnelled, I've had to use route maps to clear the DF bit on return (Internet->private) traffic because the combination of GRE and WCCP seems to cause outgoing ICMP Clear DF messages even if I try clamping my firewall MTU down to 576 (I didn't leave it there!) ...and because outgoing ICMP from a privately addressed router relating to NATed browser traffic is next to useless on the Internet.

I'd be happy to send you some more detail, but my build notes are over 50 pages and climbing, and IMHO this is one area you need to struggle a little to get it up and running, or you will never know where to start if things go wrong.

Regards
Phil DG

-----Original Message-----
From: anant shintre [mailto:[EMAIL PROTECTED]
Sent: 18 July 2003 17:51
To: [EMAIL PROTECTED]
Subject: [squid-users] Transperent Proxy

Squid is running O.K. Presently I get access log only of those clients where I have changed proxy settings. It is not possible to go to all machines and change the same. I think I can use transparent proxy for some. Squid FAQ does not give information about transparent proxy. Please suggest me some good documentation for the same for Linux 8, Squid 2.5 combination.

Thanks
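
The "standard config" mentioned in the reply, which serves configured clients on port 3128 and intercepted port 80 traffic at the same time, could look like the squid.conf fragment below. This is an added example using stock Squid 2.5 directives, not the poster's own configuration; the client range is a constructed placeholder, and WCCP directives are left out because their names depend on the WCCP patch in use.

```conf
# squid.conf fragment for stock Squid 2.5 (added example, not the poster's file)

# Configured browsers connect here. The iptables REDIRECT rule quoted in the
# message delivers intercepted port-80 connections to the same port.
http_port 3128

# Intercepted requests arrive in origin-server form ("GET /path" plus a Host
# header, no absolute URL). Squid 2.5 rebuilds the full URL through its
# accelerator mode, taking the site name from the Host header.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on

# Keep ordinary proxy requests (absolute URLs from configured clients)
# working alongside the intercepted ones.
httpd_accel_with_proxy on

# Serve only internal clients, so the box does not answer as an open proxy
# for anything else that can reach port 3128 or gets routed through it.
# 10.0.0.0/8 is a constructed placeholder: substitute the real client ranges.
# The "all" ACL is defined in the default squid.conf.
acl internal_clients src 10.0.0.0/8
http_access allow internal_clients
http_access deny all
```

Because the URL is rebuilt from the client-supplied Host header in this mode, the `http_access` restriction is what keeps the cache limited to the intended clients.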
