
squid problem




hey guys

i got a scenario here let me try and break it down:

i have two providers: one is giving me downlink and uplink services {/24},
and the second provider is only giving me a downlink service (dvb) {/23}

i have a squid server on my /24 network which is working perfectly. i am
trying to add a second squid server for my /23 but it is giving me some
hell. below are my router statements for transparent proxy on my core and
distribution routers:

[core]

ip access-list extended WEB_PROXY
 deny   tcp host AA.BB.CC.DD any eq www
 permit tcp any any eq www


route-map proxy-redir permit 20
 match ip address WEB_PROXY
 set ip default next-hop AA.BB.CC.DD

on my e0/0 i have "ip policy route-map proxy-redir". the above rules are
also on my distribution router. these work flawlessly for my /24. i have
used up the second ethernet interfaces for my /23 network on both routers.
i get all www requests for the /23 network hitting the new squid box, which
is okay, BUT the funny thing is that the new squid box doesn't seem to be
making any requests. nothing is being reflected in
the /var/squid/log/access_log, but when i do a tcpdump on eth0 i see all
the requests coming in but nothing in the access_log:

[ipchains firewall config]
#SQUID HTTP REDIRECTION
$IPCHAINS -I input -p tcp -d 0/0 80 -i $OUTERIF -j REDIRECT 3128
$IPCHAINS -I input -p tcp -s $REMOTENET -d $OUTERNET 80 -i $OUTERIF -j REJECT -l

[/ipchains firewall config]

users on the /23 can ping out to the NET fine, can view any webpages on my
webserver but can't browse any internet website, though they can have a clean
ping to them. this is puzzling considering the squid build is similar to my
existing build. Anyone had this problem before or know what i could be
missing?


all help is appreciated

cheers

Ziggy
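
Added example, not part of the original message: a small Python model of how the two "ipchains -I input" lines above end up ordered in the input chain (-I with no rule number inserts at the head, so the line run last is evaluated first) and which rule a given packet hits first. The values for $OUTERIF, $REMOTENET and $OUTERNET are constructed placeholders, the function names are hypothetical, and the parser covers only the options used in the post.

```python
import ipaddress
import shlex

# Constructed placeholder values; the post does not give the real ones.
VARS = {"$IPCHAINS": "ipchains", "$OUTERIF": "eth0",
        "$REMOTENET": "192.0.2.0/24", "$OUTERNET": "198.51.100.0/24"}
# The two rules from the post, in the order the script runs them.
SCRIPT = [
    "$IPCHAINS -I input -p tcp -d 0/0 80 -i $OUTERIF -j REDIRECT 3128",
    "$IPCHAINS -I input -p tcp -s $REMOTENET -d $OUTERNET 80 -i $OUTERIF -j REJECT -l",
]

def net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "0/0" else text)

def parse(line):
    # Handles only the ipchains options used above; returns (position, rule).
    toks = [VARS.get(t, t) for t in shlex.split(line)][1:]
    pos, rule = 1, {"src": net("0/0"), "dst": net("0/0"), "dport": None, "iface": None}
    while toks:
        opt = toks.pop(0)
        if opt == "-l":  # logging flag, takes no argument
            continue
        val = toks.pop(0)
        num = int(toks.pop(0)) if toks and toks[0].isdigit() else None
        if opt == "-I" and num:  # -I without a rule number inserts at position 1
            pos = num
        elif opt == "-s":
            rule["src"] = net(val)
        elif opt == "-d":
            rule["dst"], rule["dport"] = net(val), num
        elif opt == "-i":
            rule["iface"] = val
        elif opt == "-j":
            rule["target"] = val
    return pos, rule

def build_chain(lines):
    chain = []
    for pos, rule in map(parse, lines):
        chain.insert(pos - 1, rule)
    return chain

def verdict(chain, src, dst, dport, iface):
    # First matching rule wins, top of the chain first.
    for r in chain:
        if (ipaddress.ip_address(src) in r["src"] and ipaddress.ip_address(dst) in r["dst"]
                and r["dport"] in (None, dport) and r["iface"] in (None, iface)):
            return r["target"]
    return "chain policy"
```

Calling build_chain(SCRIPT) and then verdict(...) with a client address, destination, port and interface shows which target that packet reaches first under the assumed values.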



-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org