TOPIC: Transparent Proxy

Transparent Proxy 4 years 9 months ago #37820

  • skylimit
Hi guys, I was just wondering if anyone's configured a Squid proxy using WCCP and a Linux server. I can't seem to work out how to install/integrate WCCP when installing Squid.

In other words, is WCCP/WCCPv2 installed separately? If so, how? Or do you just do something like --enable-wccp during build? The latter didn't seem to work for me, as after installation I did a squid -v | grep -i wccp and got nothing.

Any contributions appreciated.

Thanks
"...you are never too old to learn" anon

Re: Transparent Proxy 4 years 9 months ago #37821

  • Chris
Skylimit,

I've never used WCCP and just read about it - it seems really interesting! While I haven't had any experience on this, I did some research and found the following website which seems to have some useful information. Take a look at it and let us know if it helped:

www.sublime.com.au/squid-wccp/

Good luck!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Transparent Proxy 4 years 9 months ago #37829

  • skylimit
Thanks for the link Chris.

I stumbled on that link as well during my google search but got a bit confused at a point.

One thing I find confusing on that link is that wccp is enabled when building squid
./configure --prefix=/usr/local --enable-wccp --enable-linux-netfilter --enable-async-io

BEFORE it is compiled. Thought it would have been the other way round. Will go through it again though and post if I get stuck.
gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe -mpreferred-stack-boundary=2 -march=i686 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -c -o ip_wccp.o ip_wccp.c

Different question:

Have you any experience redirecting http requests to a Cisco router on a LAN to a proxy server on the Internet? Have seen a few threads using Policy-Based Routing but can't get it working. Is it "good practice" to have your proxy locally or remotely or it doesn't really matter?

Thanks again

P.S: installing it on Ubuntu 11.04
"...you are never too old to learn" anon
Last Edit: 4 years 9 months ago by skylimit.

Re: Transparent Proxy - Cisco Policy Based Routing 4 years 9 months ago #37832

  • Chris
Skylimit,

I always configure the proxy locally and rarely use Cisco Policy Based Routing for this purpose; however, I believe it can be done.

What you can do is configure the router to accept HTTP packets only from the proxy, that way 'smart' clients removing their proxy from the browser's settings will be left without Internet and forced to use the proxy.

Alternatively, as you mentioned, policy based routing (PBR) is another solution.

If you have any problems with PBR, let us know so we can help you with the configuration.

P.S. PBR is extremely powerful - if you haven't played with it, I highly suggest you try it as it can be used in many different scenarios.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Transparent Proxy - Cisco Policy Based Routing 4 years 9 months ago #37841

  • skylimit
I have put WCCP with Squid on hold for the moment as my IOS doesn't support it.

Tried using PBR without luck. I suspect my access lists are conflicting as I can see matches. Also, the proxy listens on port 3128 so I'm not sure whether to use a static NAT or not?

I will post the config as soon as I can but it's something like this
!
interface fa0/2
 Description WAN interface
 ip address 192.168.x.x 255.255.255.0
 ip access-group 101 out
!
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 110
access-list 103 deny tcp any any neq www
access-list 103 permit tcp any any
!
route-map PBR permit 10
 match ip address 103
 set ip next-hop <ip address of proxy server>
!
int fa0/0
 Description LAN interface
 ip policy route-map PBR
!

thanks
"...you are never too old to learn" anon
Last Edit: 4 years 9 months ago by skylimit.
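
Added example, not part of the thread: a small Python model of IOS first-match ACL evaluation, applied to ACL 101 and ACL 103 exactly as posted above and run over constructed packets. It assumes normally routed traffic leaves via fa0/2; the 192.0.2.x addresses and the LAN-side proxy host are hypothetical.

```python
# Added example: first-match evaluation of the ACLs posted in the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp" in every posted rule
    op: str = "any"      # "eq", "neq" or "any" on the destination port
    port: int = 0

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int

# As posted: source and destination are "any" in every rule, so src is never tested.
ACL_101 = [Rule("permit", "tcp", "eq", p) for p in (80, 443, 25, 110)]
ACL_103 = [Rule("deny", "tcp", "neq", 80), Rule("permit", "tcp")]

def acl_action(acl, pkt):
    """First matching rule wins; IOS appends an implicit deny."""
    for r in acl:
        if r.proto != pkt.proto:
            continue
        if (r.op == "any" or (r.op == "eq" and pkt.dport == r.port)
                or (r.op == "neq" and pkt.dport != r.port)):
            return r.action
    return "deny"

def fate(pkt):
    """Packet entering fa0/0: route-map PBR first, then ACL 101 out on fa0/2."""
    if acl_action(ACL_103, pkt) == "permit":
        # PBR changes the next hop only; dport stays 80, not 3128.
        return "policy-routed to proxy"
    if acl_action(ACL_101, pkt) == "permit":
        return "forwarded normally"
    return "dropped by ACL 101"

# Constructed sample packets (placeholder addresses from 192.0.2.0/24).
SAMPLES = {
    "client HTTP":  Packet("192.0.2.50", "tcp", 80),
    "client HTTPS": Packet("192.0.2.50", "tcp", 443),
    "client DNS":   Packet("192.0.2.50", "udp", 53),
    "proxy HTTP":   Packet("192.0.2.10", "tcp", 80),   # assumed proxy on the LAN side
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13} -> {fate(pkt)}")
```

The "proxy HTTP" row shows that, because ACL 103 matches any source, a proxy reached through fa0/0 would have its own port-80 fetches policy-routed back to itself. Policy-routed packets still carry destination port 80, so it is the proxy host that has to intercept them for the listener on 3128.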