Not sure why the client is running old hardware/software. Could it be because of the hardware? Is FreeBSD an issue? Should I switch to Linux?
On Thu, Mar 5, 2015 at 10:14 AM, Yuri Voinov <yvoi...@gmail.com> wrote:
> Wow, 7600!
>
> But why such an antique IOS?! Current is 15.4
>
> 05.03.15 21:09, Monah Baki wrote:
> > PORT   STATE SERVICE VERSION
> > 23/tcp open  telnet  Cisco IOS telnetd
> > MAC Address: 88:5A:92:63:77:81 (Cisco)
> > Device type: router
> > Running: Cisco IOS 12.X
> > OS CPE: cpe:/h:cisco:7600_router cpe:/o:cisco:ios:12.2
> > OS details: Cisco 7600 router (IOS 12.2)
> > Network Distance: 1 hop
> > TCP Sequence Prediction: Difficulty=258 (Good luck!)
> > IP ID Sequence Generation: Randomized
> > Service Info: OS: IOS; Device: switch; CPE: cpe:/o:cisco:ios
> >
> > On Thu, Mar 5, 2015 at 9:31 AM, Yuri Voinov <yvoi...@gmail.com> wrote:
> >
> > What is the Cisco model and IOS version?
> >
> > 05.03.15 20:25, Monah Baki wrote:
> >>>> Yes, correct
> >>>>
> >>>> On Thu, Mar 5, 2015 at 9:23 AM, Yuri Voinov <yvoi...@gmail.com> wrote:
> >>>>
> >>>> 10.0.0.23 is your host? And 10.0.0.24 is proxy box?
> >>>>
> >>>> 05.03.15 20:15, Monah Baki wrote:
> >>>>>>> '--prefix=/cache/squid'
> >>>>>>> '--enable-follow-x-forwarded-for' '--with-large-files'
> >>>>>>> '--enable-ssl' '--disable-ipv6' '--enable-esi'
> >>>>>>> '--enable-kill-parent-hack' '--enable-snmp'
> >>>>>>> '--with-pthreads' '--with-filedescriptors=65535'
> >>>>>>> '--enable-cachemgr-hostname=hostname'
> >>>>>>> '--enable-storeio=ufs,aufs,diskd,rock'
> >>>>>>> '--enable-ipfw-transparent' '--enable-pf-transparent'
> >>>>>>> '--with-nat-devpf' --enable-ltdl-convenience
> >>>>>>>
> >>>>>>> On Thu, Mar 5, 2015 at 9:14 AM, Yuri Voinov <yvoi...@gmail.com> wrote:
> >>>>>>>
> >>>>>>> This is looking good too.
> >>>>>>>
> >>>>>>> Stupid question:
> >>>>>>>
> >>>>>>> With which interception option was squid built?
> >>>>>>>
> >>>>>>> I.e., squid -v?
> >>>>>>>
> >>>>>>> 05.03.15 18:19, Monah Baki wrote:
> >>>>>>>>>> Hi all, can anyone verify if this is correct,
> >>>>>>>>>> need to make sure that users will be able to
> >>>>>>>>>> access the internet via the squid.
> >>>>>>>>>>
> >>>>>>>>>> Running FreeBSD with a single interface with
> >>>>>>>>>> Squid-3.5.2
> >>>>>>>>>>
> >>>>>>>>>> Policy based routing on Cisco with the
> >>>>>>>>>> following:
> >>>>>>>>>>
> >>>>>>>>>> interface GigabitEthernet0/0/1.1
> >>>>>>>>>>  encapsulation dot1Q 1 native
> >>>>>>>>>>  ip address 10.0.0.9 255.255.255.0
> >>>>>>>>>>  no ip redirects
> >>>>>>>>>>  no ip unreachables
> >>>>>>>>>>  ip nat inside
> >>>>>>>>>>  standby 1 ip 10.0.0.10
> >>>>>>>>>>  standby 1 priority 120
> >>>>>>>>>>  standby 1 preempt
> >>>>>>>>>>  standby 1 name HSRP
> >>>>>>>>>>  ip policy route-map CFLOW
> >>>>>>>>>>
> >>>>>>>>>> ip access-list extended REDIRECT
> >>>>>>>>>>  deny tcp host 10.0.0.24 any eq www
> >>>>>>>>>>  permit tcp host 10.0.0.23 any eq www
> >>>>>>>>>>
> >>>>>>>>>> route-map CFLOW permit 10
> >>>>>>>>>>  match ip address REDIRECT
> >>>>>>>>>>  set ip next-hop 10.0.0.24
> >>>>>>>>>>
> >>>>>>>>>> In my /etc/pf.conf
> >>>>>>>>>> rdr pass inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129
> >>>>>>>>>>
> >>>>>>>>>> # block in
> >>>>>>>>>> pass in log quick on bge0
> >>>>>>>>>> pass out log quick on bge0
> >>>>>>>>>> pass out keep state
> >>>>>>>>>>
> >>>>>>>>>> and finally in my squid.conf:
> >>>>>>>>>> http_port 3128
> >>>>>>>>>> http_port 3129 intercept
> >>>>>>>>>>
> >>>>>>>>>> And for testing purposes from the squid server:
> >>>>>>>>>> ./squidclient -h 10.0.0.24 -p 3128 http://www.freebsd.org/
> >>>>>>>>>>
> >>>>>>>>>> If I replace -p 3128 with -p 80, I get an access
> >>>>>>>>>> denied, and if I omit the -p 3128 completely, I
> >>>>>>>>>> can access the websites.
> >>>>>>>>>>
> >>>>>>>>>> tcpdump with (-p 3128)
> >>>>>>>>>>
> >>>>>>>>>> 13:15:02.681106 IP ISN-PHC-CACHE.44017 > wfe0.ysv.freebsd.org.http: Flags [.], ack 17377, win 1018, options [nop,nop,TS val 985588797 ecr 1054387720], length 0
> >>>>>>>>>> 13:15:02.681421 IP wfe0.ysv.freebsd.org.http > ISN-PHC-CACHE.44017: Flags [.], seq 17377:18825, ack 289, win 1040, options [nop,nop,TS val 1054387720 ecr 985588501], length 1448
> >>>>>>>>>> 13:15:02.681575 IP wfe0.ysv.freebsd.org.http > ISN-PHC-CACHE.44017: Flags [.], seq 18825:20273, ack 289, win 1040, options [nop,nop,TS val 1054387720 ecr 985588501], length 1448
> >>>>>>>>>>
> >>>>>>>>>> Did I miss anything?
> >>>>>>>>>>
> >>>>>>>>>> Thanks
> >>>>>>>>>> Monah
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
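
Added example (not part of the thread and not Squid project code): a Python check that the three hops quoted above agree with each other, namely the route-map next hop, the pf rdr target, and an http_port marked intercept. The fragment strings are constructed copies of the posted configuration, and check_chain is a hypothetical helper name.

```python
import re

# Constructed copies of the configuration fragments quoted in the thread.
CISCO = """ip access-list extended REDIRECT
 deny tcp host 10.0.0.24 any eq www
 permit tcp host 10.0.0.23 any eq www
route-map CFLOW permit 10
 match ip address REDIRECT
 set ip next-hop 10.0.0.24
"""
PF = "rdr pass inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129\n"
SQUID = "http_port 3128\nhttp_port 3129 intercept\n"


def check_chain(cisco, pf, squid):
    """Hypothetical helper: list mismatches between router, pf and Squid."""
    problems = []
    hop = re.search(r"^\s*set ip next-hop (\S+)", cisco, re.M)
    rdr = re.search(r"^rdr .*? port (\d+) -> (\S+) port (\d+)", pf, re.M)
    if not hop or not rdr:
        return ["could not find 'set ip next-hop' or an rdr rule"]
    proxy, (match_port, rdr_addr, rdr_port) = hop.group(1), rdr.groups()

    # 1. The router must hand packets to the host that pf redirects on.
    if proxy != rdr_addr:
        problems.append(f"next-hop {proxy} != rdr target {rdr_addr}")

    # 2. The proxy's own fetches must be denied before any permit, otherwise
    #    Squid's outbound requests are policy-routed back to Squid.
    acl = re.findall(r"^\s*(deny|permit) tcp host (\S+) any eq (\S+)", cisco, re.M)
    if not acl or acl[0][:2] != ("deny", proxy):
        problems.append(f"ACL does not deny proxy {proxy} first")

    # 3. The router ACL and the rdr rule must select the same destination port.
    acl_ports = {"80" if p == "www" else p for a, _, p in acl if a == "permit"}
    if acl_ports != {match_port}:
        problems.append(f"ACL ports {sorted(acl_ports)} != rdr port {match_port}")

    # 4. pf must deliver to an http_port carrying the 'intercept' flag; a plain
    #    forward-proxy port does not treat the traffic as intercepted.
    flags = {m.group(1): m.group(2).split()
             for m in re.finditer(r"^http_port\s+(?:\S+:)?(\d+)(.*)$", squid, re.M)}
    if "intercept" not in flags.get(rdr_port, []):
        problems.append(f"http_port {rdr_port} is not an intercept port")
    return problems


if __name__ == "__main__":
    print(check_chain(CISCO, PF, SQUID) or "chain is consistent")
```

On the fragments as posted the check returns no mismatches, so it only confirms that the three pieces point at each other; it does not exercise the router or pf at runtime.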