Skip to main content

Transparent Proxy

More
12 years 1 month ago #37820 by skylimit
Transparent Proxy was created by skylimit
Hi guys, I was just wondering if anyone's configured a squid proxy using WCCP and a linux server. I cant seem to work out how to install/integrate wccp when installing squid.

In other words, is WCCP/WCCPv2 installed separately? If so, how? Or do you just do something like --enable-wccp during build? The latter didn't seem to work for me as after installation i did a squid -v | grep -i wccp and got nothing

any contributions appreciated.

thanks

"...you are never too old to learn" anon
More
12 years 1 month ago #37821 by Chris
Replied by Chris on topic Re: Transparent Proxy
Skylimit,

I've never used WCCP and just read about it - it seems really interesting! While I haven't had any experience on this, I did some research and found the following website which seems to have some useful information, take a look at it and let us know if it helped :

www.sublime.com.au/squid-wccp/

Good luck!

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
12 years 1 month ago - 12 years 1 month ago #37829 by skylimit
Replied by skylimit on topic Re: Transparent Proxy
Thanks for the link Chris.

I stumbled on that link as well during my google search but got a bit confused at a point.

One thing I find confusing on that link is that wccp is enabled when building squid
Code:
/configure --prefix=/usr/local --enable-wccp --enable-linux-netfilter --enable-async-io

BEFORE it is compiled. Thought it would have been the other way round. Will go through it again though and post if I get stuck.
Code:
gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe -mpreferred-stack-boundary=2 -march=i686 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -c -o ip_wccp.o ip_wccp.c

Different question:

Have you any experience redirecting http requests to a Cisco router on a LAN to a proxy server on the Internet? Have seen a few threads using Policy-Based Routing but can't get it working. Is it "good practise" to have your proxy locally or remotely or it doesn;t really matter.

Thanks again

P.S: installing it on Ubuntu 11.04

"...you are never too old to learn" anon
Last edit: 12 years 1 month ago by skylimit.
More
12 years 1 month ago #37832 by Chris
Skylimit,

I always configure the proxy locally and rarely use Cisco Policy Base Routing for this purpose, however I believe it can be done.

What you can do is configure the router to accept HTTP packets only from the proxy, that way 'smart' clients removing their proxy from the browser's settings will be left without Internet and forced to use the proxy.

Alternatively as you mentioned, policy based routing (PBR)is another solution.

If you have any problems with PBR, let us know so we can help you with the configuration.

p.s PBR is extremely powerful - if you haven't played with it, I highly suggest you try it as it can be used in many different scenarios.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
12 years 1 month ago - 12 years 1 month ago #37841 by skylimit
I have put WCCP with Squid on hold for the moment as my IOS doesn't support it.

Tried using PBR without luck. I suspect my access lists are conflicting as I can see matches. Also, the proxy listens on port 3128 so I'm not sure whether to use a static NAT or not?

I will post the config as soon as I can but it's something like this
Code:
! ! ! interface fa0/2 Description WAN interface ip address 192.168.x.x 255.255.255.0 ip access-group 101 out ! ! access-list 101 permit tcp any any eq 80 access-list 101 permit tcp any any eq 443 access-list 101 permit tcp any any eq 25 access-list 101 permit tcp any any eq 110 access-list 103 deny tcp any any [b]neq[/b] www access-list 103 permit tcp any any ! ! route-map PBR permit 10 match ip address 103 set ip next-hop <ip address of proxy server> ! ! int fa0/0 Description LAN interface ip policy route-map PBR ! !

thanks

"...you are never too old to learn" anon
Last edit: 12 years 1 month ago by skylimit.
Time to create page: 0.149 seconds