Policy Routing web traffic on a Cisco 2501 Router
by Brian Feeny
Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.
Outline
Here is how I have Interception proxying working for me, in an environment where my router is a Cisco 2501 running IOS 11.1.
You also need to configure the squid machine to handle the traffic it receives. See ConfigExamples/Intercept for details on configuring the rest.
Cisco Configuration
![/!\](/wiki/squidtheme/img/alert.png "/!\")
Replace SQUIDIP in the following with the IP address of your Squid host. Replace ROUTERIP in the following with the IP address of your Router.
In IOS 11.1 the route-map command is "process switched" as opposed to the faster "fast-switched" route-map which is found in IOS 11.2 and later. Even more recent versions CEF switch for much better performance.
! interface Ethernet0 description To Office Ethernet ip address ROUTERIP 255.255.255.0 no ip directed-broadcast no ip mroute-cache ip policy route-map proxy-redir ! access-list 110 deny tcp host SQUIDIP any eq www access-list 110 permit tcp any any eq www route-map proxy-redir permit 10 match ip address 110 set ip next-hop SQUIDIP
So basically from above you can see I added the "route-map" declaration, and an access-list, and then turned the route-map on under int e0 "ip policy route-map proxy-redir" The host above: SQUIDIP, is the ip number of my squid host.
Thanks
Many thanks to the following individuals and the squid-users list for helping me get redirection and interception proxying working on my Cisco/Linux box.
- Lincoln Dale
- Riccardo Vratogna
- Mark White