Re: Cisco redirection working

From: Graham Somers <[email protected]>
Date: Sun, 8 Feb 1998 11:18:44 +0200

Hi

If you could take the time to give a short rundown on your steps to
getting your Cisco redirection working, I, and I'm sure others, would
appreciate it. I have been following the topic but seem to have left
out something vital.

Thanks

Graham

> Many thanks to the following individuals and this list for helping me get
> redirection and transparent proxying working on my Cisco/Linux box.
>
> Lincoln Dale
> Riccardo Vratogna
> Mark White
> Henrik Nordstrom
>
>
> First, here is what I added to my Cisco:
>
> !
> interface Ethernet0
>  description To Office Ethernet
>  ip address 208.206.76.1 255.255.255.0
>  no ip directed-broadcast
>  no ip mroute-cache
>  ip policy route-map proxy-redir
> !
> access-list 110 deny tcp host 208.206.76.44 any eq www
> access-list 110 permit tcp any any eq www
> route-map proxy-redir permit 10
>  match ip address 110
>  set ip next-hop 208.206.76.44
>
>
> My squid box runs Linux, so I had to do the following on it:
>
> my kernel (2.0.33) config looks like this:
>
> #
> # Networking options
> #
> CONFIG_FIREWALL=y
> # CONFIG_NET_ALIAS is not set
> CONFIG_INET=y
> CONFIG_IP_FORWARD=y
> CONFIG_IP_MULTICAST=y
> CONFIG_SYN_COOKIES=y
> # CONFIG_RST_COOKIES is not set
> CONFIG_IP_FIREWALL=y
> # CONFIG_IP_FIREWALL_VERBOSE is not set
> CONFIG_IP_MASQUERADE=y
> # CONFIG_IP_MASQUERADE_IPAUTOFW is not set
> CONFIG_IP_MASQUERADE_ICMP=y
> CONFIG_IP_TRANSPARENT_PROXY=y
> CONFIG_IP_ALWAYS_DEFRAG=y
> # CONFIG_IP_ACCT is not set
> CONFIG_IP_ROUTER=y
>
>
> Then some ipfwadm stuff, redirecting
>
> ipfwadm -I -a accept -r -P tcp -S 208.206.76.0/24 -D any/0 www
> ipfwadm -I -a accept -r -P tcp -S 208.214.44.0/24 -D any/0 www
> ipfwadm -I -a accept -r -P tcp -S 208.214.45.0/24 -D any/0 www
> ipfwadm -I -a accept -r -P tcp -S 208.232.62.0/24 -D any/0 www
> ipfwadm -I -a accept -r -P tcp -S 208.232.63.0/24 -D any/0 www
>
> (the above networks are our users' dial-in pools, and our LAN)
>
>
> and the squid is configured as:
>
> http_port 80
> icp_port 3130
> httpd_accel virtual 80
> httpd_accel_with_proxy on
>
>
> This works great. Many thanks.
>
> Brian
>
>
> /-------------------------- signal@shreve.net -----------------------------\
> | Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
> | Network Administrator | Perl, Linux | Web hosting, online stores, |
> | ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
> | 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
> | mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
> \-------------------------- 318-222-2638 x109 -----------------------------/
>
>
>

Graham Somers
Systems Administrator
ICON Internet
gsomers@icon.co.zw
http://www.icon.co.zw
Cell 111 20 20 83
Received on Sun Feb 08 1998 - 01:24:03 MST
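
Added example, not part of the original messages: a small Python model of the two decision points in the quoted configuration, the router's access-list 110 / route-map proxy-redir and the Linux box's ipfwadm input rules, showing which flows reach Squid and why the proxy's own requests are exempted. The sample packets, the function names and the default input policy of accept are assumptions made for the illustration.

```python
import ipaddress as ip

PROXY = ip.ip_address("208.206.76.44")      # Squid box ("set ip next-hop")
# access-list 110: first match wins, implicit deny at the end.
ACL_110 = [("deny", ip.ip_network("208.206.76.44/32")),
           ("permit", ip.ip_network("0.0.0.0/0"))]
# Source networks from the five posted "ipfwadm -I -a accept -r" rules.
REDIRECT_SRC = [ip.ip_network(n) for n in (
    "208.206.76.0/24", "208.214.44.0/24", "208.214.45.0/24",
    "208.232.62.0/24", "208.232.63.0/24")]

def router_policy(src, dport):
    """route-map proxy-redir on Ethernet0: next hop, or None for normal routing."""
    if dport != 80:                          # both ACL entries are "eq www"
        return None
    for action, net in ACL_110:
        if ip.ip_address(src) in net:
            return PROXY if action == "permit" else None
    return None                              # implicit deny

def proxy_input(src, dport):
    """Input chain on the Linux box. Assumption: default input policy is accept."""
    if dport == 80 and any(ip.ip_address(src) in n for n in REDIRECT_SRC):
        return "redirect-to-squid"           # -r: delivered to the local port 80
    return "forwarded-unproxied"             # CONFIG_IP_FORWARD=y, bypasses Squid

def trace(src, dport):
    """Follow one TCP packet that arrives on the router's Ethernet0."""
    if router_policy(src, dport) is None:
        return "routed-normally"
    return proxy_input(src, dport)

# Constructed sample packets (source address, destination port).
SAMPLES = [("208.206.76.10", 80),   # LAN client, web
           ("208.206.76.44", 80),   # Squid's own fetch: must not loop back
           ("208.206.76.10", 443),  # not www, never matches ACL 110
           ("10.1.2.3", 80)]        # permitted by ACL 110 but absent from ipfwadm

if __name__ == "__main__":
    for src, dport in SAMPLES:
        print(f"{src}:{dport} -> {trace(src, dport)}")
```

The last sample shows why the router ACL and the ipfwadm source list should be kept in step: a source that the ACL permits but ipfwadm does not list is sent to the Squid host and forwarded without passing through the cache.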

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:48 MST