Re: [squid-users] Help: transparent Proxy + https problems

From: Jack <sa_jill@dont-contact.us>
Date: Fri, 14 Dec 2001 09:40:19 +0530

Hello David,

Try this

/sbin/ipchains -N good-bad
/sbin/ipchains -A forward -j good-bad
/sbin/ipchains -A good-bad -p tcp --dport 443 -j MASQ

-Jack

  ----- Original Message -----
  From: David Yahoo
  To: Jack
  Sent: Thursday, December 13, 2001 12:20 PM
  Subject: Re: [squid-users] Help: transparent Proxy + https problems

  Jack,

  I used this set of ipchains for my squid box the next rules i wasnt able
to set
  ./ipchains -A input -s 192.168.0.0/24 -d 0/0 http -p TCP -
  j REDIRECT 3128

  Then i entered this line

  ipchains -A good-bad -p tcp --dport 443 -j MASQ
  ipchains: No target by that name (Maybe this kernel doesn't support
masquerading

  I tried running squid but I think it still not working.

  David
    ----- Original Message -----
    From: Jack
    To: David Yahoo
    Sent: Tuesday, December 04, 2001 11:49 AM
    Subject: Re: [squid-users] Help: transparent Proxy + https problems

    Hello David,

    You have to enable it in the kernel.
    It will be under Network Options.
      ----- Original Message -----
      From: David Yahoo
      To: Jack
      Sent: Monday, December 03, 2001 11:42 AM
      Subject: Re: [squid-users] Help: transparent Proxy + https problems

      Jack,

      how can I enable ip_gre in my unix box ?

      David
        ----- Original Message -----
        From: Jack
        To: David Yahoo
        Sent: Monday, November 26, 2001 12:35 PM
        Subject: Re: [squid-users] Help: transparent Proxy + https problems

        pre-requests
        1) ip_gre should be enabled in your kernel, if not enable ip_gre and
recompile your kernel.
        2) WCCP was supported by squid 2.3 and later version only(better to
use squid-2.4.STABLE1)
        3) squid supports only WWCPv1 only.

        Configuration
        1)In squid 2.4 and later, by default wccp is enabled.if it is 2.3
then you have to configure squid with --enable-wccp
        2)In squid.conf edit wccp_router 0.0.0.0 as wccp_router your router
ip
            and wccp_version with appropriate version.

        IN router use the following command
        ip wccp version 1
        ip wccp web-cache
        !
        interface Ethernet0/0
        ip wccp web-cache redirect out

        -Jack

        ----- Original Message -----
          From: David Yahoo
          To: Jack
          Sent: Monday, November 26, 2001 9:35 AM
          Subject: Re: [squid-users] Help: transparent Proxy + https
problems

          Hello!

          Anybody can send me some squid.conf file than it is configured to
work with wccp feature?Do we have to configure anything with our router?

          I am trying to install squid to our system (Linux Slackware
Version 7.1).First i want to run it with the minimum requirements just to
meet my deadline..I have already finihed installing the thing.I need help in
editing the parameters in squid.conf. Here is my servers specs.

          sever hostname: longlive
          ip address : 172.16.1.23 255.255.255.0

          our internal Lan ip address range 172.16.1.0

          My boss wants the wccp features of squid.Hope anyone out there can
help me especially with the acl.http_access,icp access which i dont
understand.

          David

            ----- Original Message -----
            From: Jack
            To: Andi Salimun ; squid-users@squid-cache.org
            Sent: Monday, November 26, 2001 11:46 AM
            Subject: Re: [squid-users] Help: transparent Proxy + https
problems

            Add one more ipchains rule for https
            /sbin/ipchains -A good-bad -p tcp --dport 443 -j MASQ

            -Jack
              ----- Original Message -----
              From: Andi Salimun
              To: squid-users@squid-cache.org
              Sent: Saturday, November 24, 2001 7:34 AM
              Subject: [squid-users] Help: transparent Proxy + https
problems

              Hello, I have configured linux slackware box (kernel 2.2) +
satellite connection + squid. Everything works fine except https site.
              I have also dig the doc, mailing list etc. And try it even
with normal dial up connection. Still no luck *sigh*.
              Here is the squid.conf
              http_port 3128

              httpd_accel_host virtual

              httpd_accel_port 80

              httpd_accel_with_proxy on

              httpd_accel_uses_host_header on

              cache_mem 128 MB

              cache_dir ufs /usr/local/squid/cache 15000 16 256

              dns_nameservers 127.0.0.1

              acl manager proto cache_object

              acl localhost src 127.0.0.1/255.255.255.255

              acl all src 0.0.0.0/0.0.0.0

              acl student src 192.168.0.0/255.255.255.0

              acl admin src 192.168.1.0/255.255.255.0

              #acl hotmail dstdomain .passport.com

              #always_direct allow hotmail

              #never_direct allow hotmail

              http_access deny manager all

              http_access allow localhost

              http_access allow student

              http_access allow admin

              http_access deny all

              #icp_access allow student

              #icp_access allow admin

              #icp_access deny all

              cache_mgr andi_salimun@yahoo.com

              #cache_access_log /dev/null

              #cache_store_log none

              #cache_log /dev/null

              Here is my only ipchains rules.

              /sbin/ipchains -A input -s 192.168.0.0/24 -d 0/0 http -p
TCP -j REDIRECT 3128

              Regards,

              Andi


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Received on Thu Dec 13 2001 - 21:05:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:21 MST