Re: transparent squid on Solaris+cisco.

From: Anthony Ryan <[email protected]>
Date: Fri, 27 Nov 1998 10:32:22 +0000 (GMT)

I was experiencing similar symptoms trying to use ipfilter3.2.9
However, when I tried a new release of ipfilter ( 3.2.10b7 in fact )
my set up worked straight away.

The same ipf enabled squid-2 was used throughout these tests.
The same ipnat rules file was used throughout as well.

I don't know why but on ipfil3.2.9 transparent caching did not work for
me ( even though most of the basic ipfilter stuff did work )

One other thing is that I've never been able to get it to work with
address 127.0.0.1 - instead I have to put the real ip address of one of
the interfaces in the ipnat/squid host - don't know why - maybe it's
peculiar to solaris as all FAQs suggest it should work with 127.0.0.1

On Fri, 27 Nov 1998 12:46:16 +0500 (KGT) CyberPsychotic
<mlists@gizmo.kyrnet.kg> wrote:

>
>
> Hello people,
> here I am trying to configure transparent proxy on solaris machine, using
> cisco router to redirect all the web traffic to solaris machine.
> setup is following:
>
> ---------------+---------LAN--------------+-------------+---
>         _______|__________         _______|_____      __|__   |-- office
>        | sun_box with ipf |       |cisco router |    |Linux|--|machines
>        |                  |       |             |    |     |  |(another LAN)
>        | here I run squid |       |             |    | masq|  |--internal IPs
>        | and ipf with nat |        ~~~~~|~~~~~~~                 only
>        ~~~~~~~~~~~~~~~~~~~~             | Serial/FRAME-RELAY link.
>
> on cisco I have set 'next-hop for all packets sent to anyhost, port 80
> should go to solaris machine, i.e. cisco redirects all the web traffic to
> sun_box.
>
> on sun_box machine I have nat configured (with ipf) like this:
>
> all packets sent to SOL.MACHINE.ETH.IP:80 go to 127.0.0.1
> all packets sent to 0.0.0.0:80 go to SOL.MACHINE.ETH.IP:3128
>
> (the problem here is that when I used loopback address in latter case, I
> was getting error "connection reset by peer" in browser right away..ideas?).
>
> The general problem, when I use browser with no proxy settings, it
> downloads sites, but sometimes stops on the half way of the file, and
> reports 'connection is reset by peer', while the other times it could
> finish downloading up just fine. However sometimes it stops on the half
> way of this and never finishes up. I had the feeling that it's my link
> problem, but when I point out that I want to use proxy on browser, it
> downloads the same site just fine. (I tested this from a client sitting
> behind masqueraded machine, but I was told that machine with real IP works
> the same way as well).
>
>
> I was talking to mr. Quinton Dolan (q@fan.net.au), (since I browsed the
> list archive and have seen he has responded to the similar kind of post).
> and he suggested that either it could be a problem of different MTU.(but I
> checked all the MTU has the same value 1500 bytes). or the problem with
> masquerade on Linux machine, i.e. it could mess up packets or something.
> Well, I did an additional investigation, and tried to browse net from the
> box, directly connected to the same LAN with Sun_box and got almost the
> same picture. It downloads some first files fine, but fetches
> the half or even less of other files.
>
>
>
> I use squid-2 which is configured, compiled and installed exactly as it
> mentioned in FAQ. (with --enable-ipf-transparent, and all accelerator
> options turned in conf file).
>
> I would appreciate if anyone would share ideas what could cause this.
>
> Thanks beforehand.
>
> Fyodor
>
>
>
>

Regards,
Anthony Ryan
------------------------------------
Computer Centre, Bradford University
Received on Fri Nov 27 1998 - 03:49:33 MST
