From owner-freebsd-questions  Wed Apr  5  1:39:45 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from balrog.rt.ru (balrog.rt.ru [195.161.0.169])
	by hub.freebsd.org (Postfix) with ESMTP id 3410537B8FC
	for <freebsd-questions@FreeBSD.ORG>; Wed,  5 Apr 2000 01:39:39 -0700 (PDT)
	(envelope-from dima@rt.ru)
Received: from rt.ru (localhost [127.0.0.1])
	by balrog.rt.ru (8.9.3/8.9.3) with ESMTP id MAA12480;
	Wed, 5 Apr 2000 12:39:05 +0400 (MSD)
	(envelope-from dima@rt.ru)
Message-ID: <38EAFBA9.22F8267C@rt.ru>
Date: Wed, 05 Apr 2000 12:39:05 +0400
From: "Dmitry S. Rzhavin" <dima@rt.ru>
Organization: Rostelecom
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 4.0-20000103-CURRENT i386)
X-Accept-Language: ru, en
MIME-Version: 1.0
To: Alejandro Ramirez <ales@megared.net.mx>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: squid and wccp
References: <38DA3109.F7A8597F@rt.ru> <096801bf99b0$19f8e8e0$020a0a0a@megared.net.mx> <38E31786.7034FC27@rt.ru> <004201bf9a63$d285ff20$020a0a0a@megared.net.mx> <38E47D81.2E278445@rt.ru> <019401bf9bf6$0eedf880$020a0a0a@megared.net.mx>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thanks, it works. But there are 2 more questions: about wccp_router and
security.

Or, more exactly:
I have:
1) host with squid (with 3 network interface: ip1, ip2 and ip3).
2) 2 "my" nets: net of routers and company LAN (net1:mask1 and net2:mask2)
3) number of routers (ipr1.1 ... ipr1.n, ipr2.1 ... ipr2.n, etc.)
All routers connected to routers net with ipr{$i}.1. Net2 has internet
(not private) address space and connected to ipr1.2. Squid connected to

routers net with ip1 and ip2 interfaces and to company net with ip3, like this:

   ipr2.2|    to uplink|
to    ___|_____     ___|_____
client|       |     |       |     | company
   ---|router2|     |router1|-----|   LAN
ipr2.3|_______|     |_______|     |
         |  routers net |         |-- our local
         ----[switch]------       |    servers and
to    ___|_____     ___|__|__     |--- workstations
uplink|       |     |  1  2 |     |
  ----|router3|     | squid |-----|
ipr3.2|_______|     |_______|ip3

(hope you can see this)

I want to:
1) redirect all web traffic from all routers to squid, using wccp.
2) allow our company LAN to use proxy directly.
3) prevent all others from accessing proxy directly
4) try to ballance load between all 3 squid interfaces.

Can I do it?

PS: for now only 1 router redirects requests to squid.
Only ip1 is up. Both router and squid connected to
cisco switch at 100Mbit full duplex. Traffic to squid is
about 5Mbit/sec. But I see:
Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
xl0   1500  <Link>      00.50.da.3a.db.a3   241522  2780   252941     4  8740
xl0   1500  195.161.0.128 ip1               241522  2780   252941     4  8740
                                                    ^^^^                 ^^^^
and a lot of timeouts on xl0. If I configure fxp (EtherExpress) instead of xl
(3c905b), net dies after 5 mins because of timeouts. Why can it be so?




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message