On Monday 04 August 2003 07.52, Larry M. Smith wrote: > I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with > a Cisco 7204 VXR (running IOS 12.2(6))and am running across a > maddening problem - works in test network, doesn't work in > production network.
> will show the redirected packet counter incrementing, access.log is > logging client accesses, cache.log shows no abnormalities, and > barely breaking a sweat (squid taking < 1% of CPU), but the clients > never get pages and eventually time out. Did a sniff of the Have you instructed your router to not intercept Squid's own traffic? Same thing in the interception rules on your Squid server? (but if you disable the interception on the Cisco I don't think this is the problem..) > The only difference between the production and test networks (other > than client load) is the production network is redirecting off of > atm1/0 while the test network is redirecting off of fa0/0 (and the > requisite addressing/configuration changes). I don't believe that > to be cause of the functionality problem as in the production > network I do see the packets being redirected to Squid. If you see traffic in access.log then the redirection is working. If you have enabled interception and then normal proxying does not work then the interception is intercepting too much, preventing the proxy itself from doing what it should. Remember that the proxy is just a HTTP client like any other in the eye of interception rules and if the proxy uses the same router as your clients then rules is needed to instruct the router on what to do with the traffic. A very good test when verifying networing, interception rules etc is to start by verifying that browsing directly from the proxy server without using the proxy always works. For this purpose you can use lynx/wgetor even squidclient (just remember to specify host and port options to squidclient, or else it assumes you want to ask the proxy..). If browsing from the proxy server does not work then there is networking errors and proxying via the same can not work until the networking errors are corrected. -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
