How are you decapsulating the WCCP GRE packets? While the WCCP
HERE_I_AM and I_SEE_YOU messages are not encapsulated, the client
requests are GRE encapsulated. On Linux, you would use ip_wccp or a
patched ip_gre module, but I guess FreeBSD has an equivelent (the patch
to ip_gre on Linux is very simple and probably easily reproduced in the
gre code for FreeBSD).
Good luck.
Alexey A. Britchko wrote:
> os FreeBSD 4.2 cisco 3661 router
>
> Steps in order to make my squid to work as transparent
> proxy:
> 1. Configure squid with --enable-ipf-transparent option,
> make and install it.
> 2. Configure kernel. Adding IP_FIREWALL,
> FIREWALL_DEFAULT_TO_ACCEPT and IPFIREWALL_FORWARD
> .
> 3. Configure cisco to redirect packets:
>
> ip wccp version 1
> ip wccp web-cache redirect-list fwd-2-squid
> interface Serial3/0
> bandwidth 256
> ip address 213.189.206.130 255.255.255.252
> ip access-group Ext-ip-in in
> ip access-group Ext-ip-out out
> no ip redirects
> ip accounting output-packets
> ip wccp redirect exclude in
> ip audit AUDIT.1 in
> ip route-cache flow
> no ip mroute-cache
> random-detect
> !
> ip access-list standard fwd-2-squid
> deny 213.189.214.1 log
> permit 213.189.214.0 0.0.0.255
> deny any
>
> 4. Configure ipfw :
> ipfw add allow all from any to any
> ipfw add fwd 213.189.214.1,3128 tcp from any to any 80
>
>
> 5. Configure SQUID:
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> Squid and cisco sees each other (messages in cosco log: i
> see you, here I am).
> But redirection doesn't work.
>
> Any ideas?
>
> Best regard,
> Alexey
--
Joe Cooper <joe@swelltech.com>
Affordable Web Caching Proxy Appliances
http://www.swelltech.com
Received on Wed Jul 25 2001 - 22:46:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:19 MST