Hello, I am trying to build a squid server on solaris 8 for wccp, but It doesn't seems to work yet, here is what I did so far and I am hoping someone can point out the problem:
1. compiled squid 2.5STABLE5 with enable-ipf-transparent, the squid is configured so that it redirects all request to one URL, squid.conf: http_port 8080 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on wccp_router 167.206.45.97 cache_effective_user nobody cache_effective_group nogroup store_avg_object_size 2 KB cache_dir ufs /opt/squid-2.5.STABLE5/cache 1000 16 256 cache_access_log /var/log/localhost/squid/access.log cache_log /var/log/localhost/squid/cache.log cache_store_log /var/log/localhost/squid/store.log icon_directory /opt/squid-2.5.STABLE5/share/icons error_directory /opt/squid-2.5.STABLE5/share/errors/English mime_table /opt/squid-2.5.STABLE5/etc/mime.conf pid_filename /opt/squid-2.5.STABLE5/logs/squid.pid unlinkd_program /opt/squid-2.5.STABLE5/libexec/unlinkd redirect_program /usr/local/asqredir/asqredir /usr/local/asqredir/urls.txt redirect_children 5 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl SSL_ports port 443 563 22 acl Safe_ports port 7001 80 21 22 443 563 70 210 1025-65535 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports miss_access allow all icp_access allow all 2. installed ipf version 3.4.32 ipnat config file: rdr bge0 0.0.0.0/0 port 80 -> 167.206.45.99 port 8080 tcp output for ipnat -l: #ipnat -l List of active MAP/Redirect filters: rdr bge0 0.0.0.0/0 port 80 -> 167.206.45.99 port 8080 tcp List of active sessions: The network guy told me that the cisco router sees the wccp server (my squid server) ok and they can communicate, but when I open a web browser on a server which connects to this cisco router, it just times out every time. It didn't get to the redirected URL as I wanted. ( I was snooping on the squid server and didn't see any incoming packets from the cisco router, but not sure if the snoop works under ipf ). Thanks for your help. James Zhao
