Squid wont works with rpm You have to install squid Source with -enable-linux-netfilter feature. -----Original Message----- From: Kola Ibikunle [mailto:kola@xxxxxxxxxxxxxxxx] Sent: Saturday, July 09, 2005 2:38 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Transparent Proxy using squid and wccp Hello, I have attempted to conduct a transparent proxy using squid and a cisco router according to information in the article http://www.linux-mag.com/content/view/1957/2303. It seems to me that the packets are getting redirected by the router but squid isnt forwarding. Please look thru and advise Squid runs on Fedora Core 3 and installed via rpm. The router run IOS 12.2 I succeeded in getting the squid box registered with router Router#sh ip wccp Global WCCP information: Router information: Router Identifier: 192.168.1.18 Protocol Version: 1.0 Service Identifier: web-cache Number of Cache Engines: 1 Number of routers: 1 Total Packets Redirected: 3660 Redirect access-list: 150 Total Packets Denied Redirect: 0 Total Packets Unassigned: 0 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 but I am unable to browse tcpdump on the linux box running FC 3 shows unreacheable admin prohibited while the debug screenshot is Router# *Mar 1 03:17:39.183: WCCP-PKT: Received valid Here_I_Am packet from 192.168.1.23 w/rcvd_id 00000335 *Mar 1 03:17:39.183: WCCP-PKT: Sending I_See_You packet to 192.168.1.23 w/ rcvd_id 00000336 *Mar 1 03:17:46.491: ICMP: dst (192.168.1.18) prohibited unreachable rcv from 192.168.1.23 *Mar 1 03:17:49.195: WCCP-PKT: Received valid Here_I_Am packet from 192.168.1.23 w/rcvd_id 00000336 *Mar 1 03:17:49.195: WCCP-PKT: Sending I_See_You packet to 192.168.1.23 w/ rcvd_id 00000337 *Mar 1 03:17:49.443: ICMP: dst (192.168.1.18) prohibited unreachable rcv from 192.168.1.23 Below is my Router COnfig Router#sh conf Using 1198 out of 155640 bytes ! version 12.2 service config service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! enable secret 5 $1$.nU6$zrTYq3u9FqrEs1z3VR6yO/ enable password 12345 ! ip subnet-zero ip wccp version 1 ip wccp web-cache redirect-list 150 ip cef ! ! ! ! ! ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.18 255.255.255.0 ip nat inside no ip mroute-cache speed auto half-duplex no cdp enable ! interface FastEthernet0/1 ip address 111.222.111.110 255.255.255.128 ip wccp web-cache redirect out ip nat outside no ip mroute-cache duplex auto speed auto no cdp enable ! ip nat pool ovrld 111.222.111.110 111.222.111.110 prefix-length 24 ip nat inside source list 7 pool ovrld overload ip classless ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 ip http server ! ! access-list 7 permit 192.168.1.0 0.0.0.255 access-list 150 permit tcp 192.168.1.0 0.0.0.255 any access-list 150 deny tcp any any ! ! call rsvp-sync ! ! mgcp profile default ! ! ! dial-peer cor custom ! ! ! ! line con 0 exec-timeout 0 0 line 33 62 flush-at-activation line aux 0 line vty 0 4 password 1234 login ! end
