<div dir="ltr"><div><div><div><div><div><div><div><div>Hi all,<br><br></div>I have a client who has his Policy Based Routing as:<br><br><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">interface GigabitEthernet0/0/1.1 </span><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:red">(route policy on the LAN interface)</span><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> ip policy route-map CFLOW</span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> </span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> </span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">ip access-list extended REDIRECT </span><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:red">(Redirect of my IP www)</span><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> deny   tcp host 10.0.0.24 any eq www</span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> permit tcp host 10.0.0.23 any eq www</span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> </span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">route-map CFLOW permit 10 </span><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:red"> (route map)</span><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"></span></p><p class="MsoNormal"><span 
style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> match ip address REDIRECT</span></p><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> set ip next-hop 10.0.0.24<br><br><br><br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">The 10.0.0.24 is my FreeBSD 10.1 running squid 3.5, with one interface, 10.0.0.23 is his laptop. The IP address of the Cisco is 10.0.0.9<br><br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">I configured squid as:<br>./configure --prefix=/cache/squid --enable-follow-x-forwarded-for --with-large-files --enable-ssl --disable-ipv6 --enable-esi --enable-kill-parent-hack --enable-snmp --with-pthreads --with-filedescriptors=65535 --enable-cachemgr-hostname=hostname --enable-storeio=ufs,aufs,diskd,rock --enable-ipfw-transparent --enable-pf-transparent<br><br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">My squid.conf has the following:<br># Squid normally listens to port 3128<br>http_port 3128 intercept<br>http_port 80 intercept<br>snmp_port 3401<br><br><br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">If I remove the intercept and point a client browser to the squid, it works. 
If I add the intercept, it does not work, and I do not see any logs in my access.log file.<br><br><br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">Any help will be highly appreciated.<br><br><br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">Thanks<br></span></div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">Monah<br></span><div><div><div><div><div><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"><br></span></div></div></div></div></div></div>