Re: [cisco-ttl] transparent proxy

From: Ilker Gokhan (ilker.gokhan@linux.org.tr)
Date: Fri May 09 2003 - 09:55:08 GMT

  • Next message: tayfun guler: "Re: [cisco-ttl] Uydu_Řzerinden_VPN"

    Kisaca soyle:
    1- Cisco da yapilacaklar:
    ------------------------

    version 12.1

    ip wccp version 1
    ip wccp web-cache

    interface FastEthernet0/0
     ip wccp web-cache redirect out
     ip policy route-map proxy-redirect

    2- squid.conf
    ---------------
    # HTTPD-ACCELERATOR OPTIONS
    #
    -----------------------------------------------------------------------------

    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_single_host off
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    # wccp_router 0.0.0.0

    wccp_router 10.14.0.2
    # TAG: wccp_version
    # According to some users, Cisco IOS 11.2 only supports WCCP
    # version 3. If you're using that version of IOS, change
    # this value to 3.
    #
    #Default:
    # wccp_version 4

    wccp_version 4
    # TAG: wccp_incoming_address
    # TAG: wccp_outgoing_address
    # wccp_incoming_address Use this option if you require WCCP
    # messages to be received on only one
    # interface. Do NOT use this option if
    # you're unsure how many interfaces you
    #Default:
    # wccp_incoming_address 0.0.0.0
    # wccp_outgoing_address 255.255.255.255

    3- FreeBSD:
    ----------

    _ Squid Patch bildigin patch.. :-)

    _ etest# uname -a
    FreeBSD etest.ayatirim.com.tr 4.5-RELEASE FreeBSD 4.5-RELEASE #2: Wed Aug
    28 16:48:49 EEST 2002
    root@etest.ayatirim.com.tr:/usr/src/sys/compile/RIGKERN i386

    _ RIGKERN:
    -----------
    #Transparent Proxy GRE tunnel..
    options GRE # Transparent proxy icin kull..

    #FIREWALL OPTIONS..
    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_FORWARD
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options TCPDEBUG
    options TCP_DROP_SYNFIN
    options IPSTEALTH
    options ICMP_BANDLIM
    options DUMMYNET

    #dosya sonu....
    ------------

    _ IPFW LIST:
    -----------
    00048 allow tcp from any to me 80
    00049 allow tcp from 10.14.4.31 to any
    00050 fwd 127.0.0.1,3128 tcp from any to any 80
    60000 allow tcp from me to 10.14.3.2
    61000 allow ip from any to any

    10.14.3.2 -- proxy adresi

    Umarim biraz isik tutar..

    Saygilar..
    Ilker G.
    -------
    ilker.gokhan@siemens.com.tr

    On Fri, 9 May 2003, onur kasap wrote:

    > Date: Fri, 9 May 2003 04:17:56 -0700 (PDT)
    > From: onur kasap <kasap_onur@yahoo.com>
    > Reply-To: cisco-ttl@yahoogroups.com
    > To: cisco-ttl@yahoogroups.com
    > Subject: Re: [cisco-ttl] transparent proxy
    >
    > gonderebilirseniz cok sevinirim
    > tesekkurler
    >
    > --- Ilker Gokhan <ilker.gokhan@linux.org.tr> wrote:
    > > Bir de wccp modu kullanamayi deneyin bence. Boyle
    > > yaparsaniz proxy niz
    > > calismasa bile kullanicilarin internet erisimi anlik
    > > bir kesintinin
    > > sonrasinda devam edecektir.
    > >
    > > Bu konuda ayrintiyi verdigim squid seminer
    > > slaytlarindan
    > > edinebilirsiniz.(wccp avantajlari vs.)
    > >
    > > http://istanbul.linux.org.tr/~ilkerg
    > >
    > > Isterseniz cisco conf. bilgilerini de
    > > gonderebilirim. Daha once FreeBSD
    > > uzerinde wccp ile bir uygulama yapmistim.
    > >
    > > Saygilar..
    > > Ilker G.
    > >
    > >
    > > On Fri, 9 May 2003, onur kasap wrote:
    > >
    > > > Date: Fri, 9 May 2003 03:05:48 -0700 (PDT)
    > > > From: onur kasap <kasap_onur@yahoo.com>
    > > > Reply-To: cisco-ttl@yahoogroups.com
    > > > To: cisco-ttl@yahoogroups.com
    > > > Subject: Re: [cisco-ttl] transparent proxy
    > > >
    > > > saol ilker hocam
    > > > simdi calisti. peki ayni sekilde istanbul
    > > ofisimizi
    > > > bizim ustumuzden internette cikartmak istersek
    > > ????
    > > > acl 110 permit any any eq 80
    > > > yeterli olacak ??
    > > >
    > > >
    > > >
    > > > --- Ilker Temir <itemir@cisco.com> wrote:
    > > > > Burada mantiksal bir hata var, bu
    > > configurasyonla
    > > > > proxy'den gelen
    > > > > request'leri de yine proxy'e geri gondermis
    > > > > oluyorsunuz.
    > > > >
    > > > > ACL'e proxy'yi dahil etmemeniz gerekli,
    > > > >
    > > > > access-list 110 deny tcp host 192.168.1.1 any
    > > > > access-list 110 permit tcp any any eq 80
    > > > >
    > > > > gibi.
    > > > >
    > > > > Bayagi eski ama asagidaki URL isinize
    > > yarayabilir
    > > > > sanirim
    > > > >
    > > > >
    > > http://www.linux.org.tr/belgeler/squid/proxy.html
    > > > >
    > > > > Ilker
    > > > >
    > > > > | merhaba arkadaslar
    > > > > |
    > > > > | su an kendi ofisimizde url filtering yapmak
    > > icin
    > > > > squid
    > > > > | kullaniyoruz. ve bunu asagidaki gibi
    > > transparent
    > > > > | olarak yapmak istyorum fakat bir turlu
    > > beceremedim
    > > > > |
    > > > > | interface FastE 0
    > > > > | ip address 192.168.1.2 255.255.255.0
    > > > > | no ip directed-broadcast
    > > > > | no ip mroute-cache
    > > > > | ip policy route-map proxy-redir
    > > > > | media-type auto
    > > > > | access-list 110 permit tcp any any eq www
    > > > > | route-map proxy-redir permit 10
    > > > > | match ip address 110
    > > > > | set ip next-hop 192.168.1.1
    > > > > |
    > > > > |
    > > > > | zannedersem access-list de bi sorun var ama
    > > bir
    > > > > turlu
    > > > > | bulamadim. elinde bu konu ile ilgili dokuman
    > > olan
    > > > > | varmi
    > > > > | yada daha once benzer bir konfigurasyon yapan
    > > > > varmi
    > > > > |
    > > > > | tesekkurler iyi calismalara
    > > > > |
    > > > > |
    > > > > | __________________________________
    > > > > | Do you Yahoo!?
    > > > > | The New Yahoo! Search - Faster. Easier. Bingo.
    > > > > | http://search.yahoo.com
    > > > > |
    > > > > |
    > > > > | Bu listenin Cisco Systems ile dogrudan
    > > herhangi
    > > > > bir baglantisi
    > > > > bulunmamaktadir.
    > > > > |
    > > > > | Listeden cikmak išin
    > > > > cisco-ttl-unsubscribe@yahoogroups.com adresine
    > > bir
    > > > > e-posta g÷nderebilirsiniz.
    > > > > |
    > > > > | Your use of Yahoo! Groups is subject to
    > > > > http://docs.yahoo.com/info/terms/
    > > > > |
    > > > > |
    > > > > |
    > > > >
    > > > >
    > > >
    > > >
    > > > __________________________________
    > > > Do you Yahoo!?
    > > > The New Yahoo! Search - Faster. Easier. Bingo.
    > > > http://search.yahoo.com
    > > >
    > > >
    > > > Bu listenin Cisco Systems ile dogrudan herhangi
    > > bir baglantisi bulunmamaktadir.
    > > >
    > > > Listeden cikmak išin
    > > cisco-ttl-unsubscribe@yahoogroups.com adresine bir
    > > e-posta g÷nderebilirsiniz.
    > > >
    > > > Your use of Yahoo! Groups is subject to
    > > http://docs.yahoo.com/info/terms/
    > > >
    > > >
    > >
    >
    >
    > __________________________________
    > Do you Yahoo!?
    > The New Yahoo! Search - Faster. Easier. Bingo.
    > http://search.yahoo.com
    >
    >
    > Bu listenin Cisco Systems ile dogrudan herhangi bir baglantisi bulunmamaktadir.
    >
    > Listeden cikmak išin cisco-ttl-unsubscribe@yahoogroups.com adresine bir e-posta g÷nderebilirsiniz.
    >
    > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    >
    >

    ------------------------ Yahoo! Groups Sponsor ---------------------~-->
    Rent DVDs from home.
    Over 14,500 titles. Free Shipping
    & No Late Fees. Try Netflix for FREE!
    http://us.click.yahoo.com/BVVfoB/hP.FAA/uetFAA/26EolB/TM
    ---------------------------------------------------------------------~->

    Bu listenin Cisco Systems ile dogrudan herhangi bir baglantisi bulunmamaktadir.

    Listeden cikmak išin cisco-ttl-unsubscribe@yahoogroups.com adresine bir e-posta g÷nderebilirsiniz.

    Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/



    This archive was generated by hypermail 2.1.5 : Fri May 09 2003 - 13:55:11 GMT