Re: Extremely Transparent Proxy

From: Ahsan Khan <[email protected]>
Date: Thu, 1 Jun 2000 02:54:21 +0500

Visit the squid home page and follow the Steps, if you will face some
problem you will definitely get help from list and me.

With Regards
Ahsan Khan
Sr. System Admin
Internet Division (OneNet)
Sun Communication Pvt. Ltd.
Pakistan
http://www.one.net.pk

----- Original Message -----
From: "Diegmueller, Jason (I.T. Dept)" <diegmuej@stifel.com>
To: "'Ahsan Khan'" <ahsank@one.net.pk>
Sent: Thursday, June 01, 2000 2:18 AM
Subject: RE: Extremely Transparent Proxy

> Thanks for your input. I'll look in to WCCP. I've heard about
> it, don't really know what it does on a technical level.
>
> Just so I understand, I need to support WCCP in Squid *AND* on
> the Linux machine?
>
> : -----Original Message-----
> : From: Ahsan Khan [mailto:ahsank@one.net.pk]
> : Sent: Wednesday, May 31, 2000 3:56 PM
> : To: Diegmueller, Jason (I.T. Dept); squid-users@ircache.net
> : Subject: Re: Extremely Transparent Proxy
> :
> :
> : WCCP Support and bind the squid with Both Interfaces.
> :
> :
> : With Regards
> : Ahsan Khan
> : Sr. System Admin
> : Internet Division (OneNet)
> : Sun Communication Pvt. Ltd.
> : Pakistan
> : http://www.one.net.pk
> :
> :
> : ----- Original Message -----
> : From: "Diegmueller, Jason (I.T. Dept)" <diegmuej@stifel.com>
> : To: <squid-users@ircache.net>
> : Sent: Thursday, June 01, 2000 12:39 AM
> : Subject: Extremely Transparent Proxy
> :
> :
> : > Squid Users--
> : >
> : > I have searched the archives, and can't seem to find anyone
> : else who has
> : > looked at doing thing.
> : >
> : > I'm reasonably familiar with squid, and extremely familiar
> : with Linux.
> : > The other day, I spent a few minutes setting up a
> : Transparent Proxy. It
> : > worked great in testing, I'm now looking at things from a
> : network design
> : > aspect.
> : >
> : > Our company is looking in to putting a squid machine in
> : front of a HEAVILY
> : > loaded web server ("Intranet Server"). The web server
> : connects directly
> : > to a Cisco Catalyst 5505 switch with both NICs utilizing
> : HP's EtherChannel
> : > implementation ("EtherTeaming"). This effectively doubles
> : bandwidth and
> : > provides hardware fault tolerance in a way on both the
> : Catalyst (should a
> : > port go) and on the server (should a NIC go).
> : >
> : > My original plan (before I started really looking to squid as a
> : transparent
> : > proxy) was to utilize Linux's bonding driver to achieve
> : 200Mb to the Linux
> : > box, and 200Mb to the HP Server (thus, 4 NICs). Unfortunately, I'm
> : limited
> : > to only one instance of the bonding.o driver. So I'll just
> : do 200Mb to
> : the
> : > switch, and 100Mb to the server. Not too big of a deal.
> : If someone knows
> : a
> : > workaround, let me know.
> : >
> : > The question comes in here:
> : > If I'm using a two-interface solution, obviously I'm going
> : to have to
> : route
> : > between the "outside" and the "inside" interface. If I do this, I'm
> : > seriously
> : > messing with addressing scheme of things here. I'd have to
> : create a whole
> : > new IP network for this Intranet server, and somehow
> : advetise it to the
> : rest
> : > of my network (we use EIGRP, so I'd probably have to use zebra and
> : > redistribute RIPv2 in to EIGRP) .. it would be ugly.
> : >
> : > Another option I thought was that I could renumber the
> : Intranet box, do
> : > ipmasq, and simply forward every single port to the
> : Intranet machine. But
> : > again, that's reasonably "ugly".
> : >
> : > So is there any "clean" way to implement an almost
> : INVISIBLE proxy server?
> : > Perhaps do bridging between the "outisde" and "inside"
> : iterfaces, but
> : still
> : > have the ability to hijack requests to TCP port 80 and
> : deliver them to
> : > squid?
> : > Has anyone done anything like this before? If so, do
> : share. If not,
> : think
> : > I'm on the right path? Does this sound feasible?
> : >
> : > I'd just like to implement a squid proxy WITHOUT having to
> : redesign a lot
> : > of things (and in the process piss of the systems team). I
> : considered
> : doing
> : > a route-map on the Cat5505's RSM but when I was playing
> : around with that
> : > yesterday load went through the roof (this is an awfully
> : busy Catalyst).
> : >
> : > Insight, thoughts, and expertise is appreciated. Thanks!
> : >
> :
>
Received on Wed May 31 2000 - 15:51:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:42 MST