Re: [squid-users] [Urgent] Please help : NAT + squid2.7 on ubuntu server 9.10 + cisco firewall (ASA5510)

From: Vichao Saenghiranwathana <vichaos_at_gmail.com>
Date: Thu, 8 Apr 2010 22:52:54 +0700

I'm still stunned. Can you explain in more detail so I can
understand what the problem is?

I really appreciate it.
Vichao S

On Thu, Apr 8, 2010 at 2:03 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Vichao Saenghiranwathana wrote:
>>
>> What I have done so far:
>> 1. Connected squid transparent proxy server with ASA5510 via eth0 interface
>>
>> 2. Set up NAT at ASA5510 to map squid transparent proxy
>> server (192.168.9.251) with the public IP (203.130.133.9)
>>
>
> There should be no need for NAT on the ASA. Relevant packets get _routed_ down the WCCP tunnel to the Squid box where NAT happens.
>
> Squid outbound traffic gets the same handling any outbound traffic would (except pushing back down the wccp tunnel).
>
>
>> 3. Configured eth0 interface
>> eth0.0 ----------> 192.168.9.251
>> eth0.1 ----------> 203.130.133.9
>>
>> 4. Added wccp to squid.conf
>> http_port 3128 transparent
>> # ###### 192.168.9.253 is ASA5510
>> wccp2_router 192.168.9.253
>> wccp2_forwarding_method 1
>> wccp2_return_method 1
>> wccp2_assignment_method 1
>> httpd_accel_no_pmtu_disc on
>>
>> 5. Used the following commands
>> modprobe ip_gre
>> iptunnel add gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0.0
>> ifconfig gre0 inet 192.168.9.251 netmask 255.255.255.0 up
>> ip link set eth0 mtu 1400
>> ip link set gre0 mtu 1400
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>> echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
>> echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
>> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
>> echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
>> echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
>> iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
>>
>> 6. Cisco config
>> wccp web-cache
>> wccp interface inside web-cache redirect in
>>
>> This is my network diagram
>> Network diagram : http://dl.dropbox.com/u/5966530/Network%20Diagram_small.jpg
>>
>> I would like to know if I missed some steps or I did something wrong.
>>
>> Your help will be greatly appreciated!
>>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.1
Received on Thu Apr 08 2010 - 16:00:47 MDT
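
The following is an added example, not code from the thread or from the Squid project: it cross-checks the three pieces of the setup quoted above, confirming that the port on the `http_port ... transparent` line equals the REDIRECT target on the GRE interface and that `wccp2_router` equals the tunnel's remote address. The function names and sample strings are constructed for illustration, and the router/remote comparison assumes, as in the thread's values, that the router sources GRE from the address Squid registers with.

```shell
#!/bin/sh
# Constructed sample inputs, built from the values quoted in the thread.
SQUID_CONF='http_port 3128 transparent
wccp2_router 192.168.9.253
wccp2_forwarding_method 1'
NAT_RULES='-t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128'
TUNNEL='gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0.0'

# Port of the first http_port line flagged transparent (Squid 2.x) or intercept (3.1+).
squid_intercept_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") {
                n = split($2, a, ":"); print a[n]; exit
            }
    }'
}

# REDIRECT target of the rule that matches TCP port 80 arriving on interface $2.
redirect_port() {
    printf '%s\n' "$1" | awk -v ifc="$2" '{
        in_if = dport = to = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-port" || $i == "--to-ports") to = $(i + 1)
        }
        if (in_if == ifc && dport == "80" && to != "") { print to; exit }
    }'
}

# Address following the word "remote" in the tunnel definition.
tunnel_remote() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "remote") { print $(i + 1); exit } }'
}

# Return 0 when the pieces agree; otherwise print each mismatch and return 1.
# Assumption: the router sources GRE from the address given in wccp2_router.
check_interception() {  # $1 squid.conf text, $2 NAT rules, $3 tunnel, $4 tunnel interface
    rc=0
    sp=$(squid_intercept_port "$1"); rp=$(redirect_port "$2" "$4")
    [ -n "$sp" ] && [ "$sp" = "$rp" ] || { echo "port mismatch: http_port='$sp' redirect='$rp'"; rc=1; }
    wr=$(printf '%s\n' "$1" | awk '$1 == "wccp2_router" { print $2; exit }')
    tun=$(tunnel_remote "$3")
    [ -n "$wr" ] && [ "$wr" = "$tun" ] || { echo "router mismatch: wccp2_router='$wr' remote='$tun'"; rc=1; }
    return "$rc"
}

check_interception "$SQUID_CONF" "$NAT_RULES" "$TUNNEL" gre0 && echo "interception settings agree"
```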