WCCP/Linux 2.2/Squid 2.3

Sorry to those who are offended by posting DEVEL stuff to the users list.

This is for people who are attempting to get WCCP working on linux and
failing. The important step is the "iptunnel"

Nap time.

glenn

> What I do to get GRE0 to work is the following...
>
> modprobe ip_gre

Insert :

iptunnel add gre1 mode gre remote (Router IP) local (Host IP) dev (eth0)

[ The router ip is the address which the GRE packets are comming from the
router, if you are not sure check with tcpdump]

[ Make sure that your localadress is the one that the router is sending to
and that the device is the correct one]
 
ifconfig gre1 up

Dont do:

> ifconfig gre0 up

This gets the packets to your ipchain rules. If they are wrong then you
will still have problems.

> My squid is running on port 8080. My Cisco box is 7200 series IOS is 11.2,
> and my router "sees" the WCCP proxy alive and usable...
>
> I also have this box configured for transparent proxy with the redirect in
> the router, which I ofcourse switch off when I try WCCP...
>
> #enabling transparent proxying...
> /sbin/ipchains -A input -j ACCEPT -i lo
> /sbin/ipchains -A input -j ACCEPT -p tcp -d x.x.x.x 8080
> /sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80
> /sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0
> 8080
> /sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0
> 3128
> echo 1 >/proc/sys/net/ipv4/ip_forward
>

Your rules look fine at first glance. I suggest that you do the above and
then try :

cat /proc/net/ip_fwchains

It will give something like :

    input 00000000/00000000->00000000/00000000 - 10 0 47 0 8
0 544 0-65535 0-65535 AFF X00 00000000 0 0 REJECT

The 8 is the packet counter the 544 is the byte counter. They will show
which rules are firing.

glenn
Received on Mon Sep 27 1999 - 02:15:45 MDT