If this question has been answered before, can someone at least point me in the right direction? > We recently deployed a squid server with tproxy and wccp. I followed some of > the steps listed at > http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY, > compiling tproxy support on iptables, squid, and recompiling the linux > kernel with tproxy support. We able to browse all sites with, but receive > timeouts after logging into gmail or hotmail. Yahoo mail seems to works. > > Can anyone point me in the right direction, and tell me what I may be doing > wrong. BTW, we are using PIX for wccp, and have compiled ip_wccp. > > Squid Conf: > > debug_options ALL,1 > http_port 3128 transparent > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY > acl apache rep_header Server ^Apache > broken_vary_encoding allow apache > access_log /var/log/squid/access.log squid > hosts_file /etc/hosts > log_fqdn on > cache_dir ufs /var/spool/squid 2048 16 256 > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl EDN src X.X.X.X/X > acl all src 0.0.0.0/0.0.0.0 > acl CONNECT method CONNECT > visible_hostname mirror2.pelco.org > http_access allow all > http_reply_access allow all > > visible_hostname mirror2.pelco.org > coredump_dir /var/spool/squid > always_direct allow all > # memory mgmt ---------- > #cache_mem 100 MB > #maximum_object_size 10 MB > #----------------------- > cache_effective_user squid > > # WCCP > wccp2_router x.x.x.x > wccp2_service standard 0 > > iptables: > iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY > --on-port 3128 > > > Confidentiality Notice: > The information contained in this transmission is legally > privileged and confidential, intended only for the use of the > individual(s) or entities named above. This email and any files > transmitted with it are the property of Pelco. If the reader of > this message is not the intended recipient, or an employee or agent > responsible for delivering this message to the intended recipient, > you are hereby notified that any review, disclosure, copying, > distribution, retention, or any action taken or omitted to be taken > in reliance on it is prohibited and may be unlawful. If you receive > this communication in error, please notify us immediately by > telephone call to +1-559-292-1981 or forward the e-mail to > administrator@xxxxxxxxx and then permanently delete the e-mail and > destroy all soft and hard copies of the message and any > attachments. Thank you for your cooperation.
<<attachment: smime.p7s>>
