[squid-users] Transparent proxying, and gateway redirection problems

From: Daniel Barron <[email protected]>
Date: Wed, 15 Oct 2003 13:12:19 +0100

For various reasons I need to run squid transparently proxying but not on
the firewall.

eg:

firewall(normal gateway) - 192.168.0.1
squid box - 192.168.0.2
2k clients - 192.168.0.x (gateway set to .2)

To do this I have set the squid box as default route on the clients and
configured squid 2.5 to work transparently. The squid box's default route
is the firewall. Yes I know this is a bit odd but does have advantages
such as when the firewall is an appliance that can't have squid installed.

The problem is that the clients automagically reroute bypassing the squid
box and go directly to the firewall. Thus not being transparently proxied.

This problem has only started happening since I upgraded the squid box from
a RH6.2 to a RH8.

I thought it might be icmp redirects so have switched it off in
/proc/sys/net/ipv4/conf/*/send_redirects

but this made no difference.

I put back the old and dieing RH62 box just to be sure I was not going mad
and sure enough the clients did not bypass the squid box and transparent
worked perfectly.

Anyone any ideas? My guess is its something to do with new features in the
2.4 Linux kernel. But that's as far as I've got.

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)
Received on Wed Oct 15 2003 - 06:11:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:30 MST