We recently deployed a squid server with tproxy and wccp. I followed some of the steps listed at http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY, compiling tproxy support on iptables, squid, and recompiling the Linux kernel with tproxy support. We are able to browse all sites with it, but receive timeouts after logging into gmail or hotmail. Yahoo mail seems to work. Can anyone point me in the right direction, and tell me what I may be doing wrong? BTW, we are using PIX for wccp, and have compiled ip_wccp.

Squid Conf:

debug_options ALL,1
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
log_fqdn on
cache_dir ufs /var/spool/squid 2048 16 256
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl EDN src X.X.X.X/X
acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
visible_hostname mirror2.pelco.org
http_access allow all
http_reply_access allow all
visible_hostname mirror2.pelco.org
coredump_dir /var/spool/squid
always_direct allow all
# memory mgmt ----------
#cache_mem 100 MB
#maximum_object_size 10 MB
#-----------------------
cache_effective_user squid
# WCCP
wccp2_router x.x.x.x
wccp2_service standard 0

iptables:

iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128