Brian wrote:
> I did *not* have my squid box (linux) compiled with ip masq options,
> forwarding or anything like that. From what i read, I guess I need to do
> this.
You only need to have firewalling compiled. You don't need masquerading
or forwarding to do transparent proxying.
> I thought I could take a normal functioning squid (which needs no
> masqing, just have there browser point to it), and do the
> redirecting on the cisco, and the squid would answer, such is not
> the case. Thanks for this info.
Well, all you can tell the cisco is to route packets to the Squid host.
Somehow you have to get the Squid box to accept the packets when they
arrive there, and hand them off to your Squid process.
Minimal Linux ipfwadm config:
# Accept all on loopback
ipfwadm -I -a accept -W lo
# Accept my own IP, to prevent loops (repeat for each interface/alias)
ipfwadm -I -a accept -D thishost 80
# Send all traffic destinated to port 80 to Squid on port 3128
ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3128
--- Henrik Nordström Sparetime Squid HackerReceived on Sun Feb 08 1998 - 00:07:44 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:48 MST