Hi Cris, Are they already using a Linux based router? Wccpd runs on a Linux box. It appears to me that wccpd is more of a load balancing tool than a redirector for transparent proxies.
You can do NAT on the router and accomplish your goal. Here is the link to what needs to happen (although it assumes you are using iptables) http://en.tldp.org/HOWTO/TransparentProxy-6.html I have approached this issue several ways. One is to enable wpad. The default IE behavior is to look for the proxy through autodiscovery. Wpad will fill in the blanks (usually). I also have the domain controller execute a regedit to be as sure as I can that the proxy is actually set. You can disable proxy changes using policies but with the schools I have worked with, there is usually a mix of 9x,2k, and xp boxes and I haven't have good luck with policies in that environment. I don't redirect port 80 at the router so if someone needs access to the net outside the proxy, it can be enabled by natting that boxes ip. I then block port 80 outbound to everything other than the squid box. If someone doesn't work at that point, those machines can be visited. This has worked well for several installations of 800 workstations or more. If they change their proxy, they just break the browser's ability to get web pages. Hope that helps, David Bronson On Fri, Feb 20, 2004 at 12:24:09PM -0500, Cris Boisvert wrote: > We currently have squidguard running as a Filter on port 8080 where people > define the filter in their browser to use it.. > > We are helping out a school systems that wants to do the same thing although > they need it to > Have a router do the port 80 redirects so that they don't have to go change > 500 browser options and the kids cannot remove the proxy settings.. > > I've read that I need to setup wccpd on the squid machine to get it to work > with the wccp cisco router redirect.? > > Has anyone out their done this? Does anyone have a better what of doing > this? > > Thanx > Cris Boisvert > >
