Question in WCCP with tproxy with cisco ACLS &Optimization


Hi,
Here I have two questions.
I have the topology below:
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4661995/f5vnD.jpg> 

As we see above, in the image I've posted the Cisco WCCP config, and I'm assuming
the config from Squid is fine.

Now assume I have client x with IP 1.2.3.4 that wants to go to the internet, and it is
the only user in my topology that wants to go to the internet,
so my ACLs on the router will be:
===================================
ip access-list ex xxx
permit tcp  host 1.2.3.4 any eq 80

ip access-list ex yyy
permit tcp any eq 80 host 1.2.3.4
======================================
Question #1
I'm talking about the ACL yyy.
I found that if I configured the ACL yyy as:
permit ip any host 1.2.3.4

it will also let WCCP with the router and Squid work fine,

but here I have a question:
The 1st ACL of yyy says that only www traffic that passed through Squid will be
returned back to Squid when it comes from the internet.

But the 2nd ACL of yyy says that all other traffic will come back to Squid,
which in my view is not fine.
I mean that with the 2nd ACL, https, pop3, ftp, etc. will pass into
Squid when the traffic comes back from the internet, because it was matched by ACL
yyy, which has the service 90 that is responsible for returning traffic from the
internet to Squid.

So, I find that www traffic will be redirected to Squid when matched by
service 80, and all other traffic of user 1.2.3.4 will pass into Squid when it
returns from the internet when matched by service 90.

My question here: I want a discussion about this point. Am I right
in what I discussed above?
If not, please clarify.



=================================================================

Question # 2


Sometimes I want some users to go through Squid for squidguard, not for caching,
and I don't want them to cache any objects.
So,
I try to let them match service 80, then they will be redirected to
Squid and be checked by squidguard, and I configure cache_deny for them
"so they will not pull from Squid".

But I don't want them to be matched by service 90, which will pump them into
Squid when they come back from the internet.

So,
what I do is just modify the Cisco ACLs as below, and assume we are
on the same example of IP 1.2.3.4:

ip access-list extended xxx
permit tcp  host 1.2.3.4 any eq 80

ip access-list extended yyy
deny tcp any eq 80 host 1.2.3.4

As we see, I denied the traffic of service 90 from being redirected from the internet
into Squid,

but ..............

if I do that, the client 1.2.3.4 can no longer access the internet
????!!!!!!! and there is a very small access.log in Squid "not sure about this point
about access.log, as I remember".

I don't know why, when I block client x from service 90 and allow him in
service 80, it can't access the internet

?????

Do I miss something about tproxy and WCCP at this point???

But again, if I deny him in the service 80 ACL and let him be matched
by the service 90 ACL,
the client can access the internet but is not redirected into Squid.

I wish to clarify, and wish to know how to let users only be checked by
squidguard & not cache any object and not pull any object from Squid.

Thanks a lot.

With my best regards




-----
Mr.Ahmad
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Question-in-WCCP-with-tproxy-with-cisco-ACLS-Optimization-tp4661995.html
Sent from the Squid - Users mailing list archive at Nabble.com.
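
The redirect-list matching reasoned about in Question #1 and Question #2, as an added example that is not part of the original post: a first-match evaluator for the three `yyy` variants, written here in `any eq 80 host 1.2.3.4` form and run over constructed return packets. The server address 203.0.113.10, the client port 50000, the second client 1.2.3.5 and all function names are assumptions. The model covers only the ACL match, not the protocol and ports the service group itself is defined with, since that Squid configuration is not shown in the post.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_ace(line):
    """Parse '<permit|deny> <ip|tcp> <addr> [eq N] <addr> [eq N]', addr = any | host A."""
    tok, pos = line.split(), 2
    def addr():
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return None                      # None means "matches anything"
        if tok[pos] != "host":
            raise ValueError("unsupported address in: " + line)
        pos += 2
        return tok[pos - 1]
    def port():
        nonlocal pos
        if pos < len(tok) and tok[pos] == "eq":
            pos += 2
            return int(tok[pos - 1])
        return None
    return (tok[0], tok[1], addr(), port(), addr(), port())

def permits(acl_lines, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, proto, src, sport, dst, dport in map(parse_ace, acl_lines):
        want = (src, sport, dst, dport)
        got = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if proto in ("ip", pkt.proto) and all(w is None or w == g for w, g in zip(want, got)):
            return action == "permit"
    return False

# Constructed return traffic: replies from an assumed server to the client.
SERVER, CLIENT = "203.0.113.10", "1.2.3.4"
REPLIES = [Packet("tcp", SERVER, p, CLIENT, 50000) for p in (80, 443, 110, 21)]
REPLIES.append(Packet("tcp", SERVER, 80, "1.2.3.5", 50000))  # some other client

YYY_PORT80 = ["permit tcp any eq 80 host 1.2.3.4"]   # Question 1, first form
YYY_ANY_IP = ["permit ip any host 1.2.3.4"]          # Question 1, second form
YYY_DENY = ["deny tcp any eq 80 host 1.2.3.4"]       # Question 2

def matched(acl_lines):
    """(destination, source port) of every constructed reply the ACL permits."""
    return [(p.dst, p.sport) for p in REPLIES if permits(acl_lines, p)]
```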



