Re: [squid-users] WCCP/GRE Transparent Proxy

From: Venkatesh. K <venkatesh@dont-contact.us>
Date: Sun, 5 Oct 2003 16:50:30 +0530

The router redirects the packets to the cache but won't rewrite the
destination port. You need to redirect the port 80 traffic to 3128 or
whatever port your proxy is running?

/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128

Are you saying people are able to browse?

If you are not using the cache box as a gateway, consider disabling IP
forwarding. It might help you in troubleshooting, as the cache box might be
forwarding packets back to the router...

Venkatesh K

----- Original Message -----
From: "Michael Menefee" <mmenefee@usnetworksinc.com>
To: <squid-users@squid-cache.org>
Sent: Saturday, October 04, 2003 11:41 PM
Subject: [squid-users] WCCP/GRE Transparent Proxy

> All
> I know over the years there have been many posts about this subject but I'm
> stuck
>
> My architecture is as follows
>
> 10.0.0.1 --internal cisco router (Default Gateway) running wccp version 1
> --PIX Firewall---
> 192.168.0.252 --squid cache (in DMZ)
>
> I am trying to utilize the transparent proxy feature to redirect specific IP
> Addresses at leisure to a specific site.
>
> Currently, 2.4.18-3 linux kernel with ip_wccp and ip_gre modules loaded with
> no errors
>
> gre1 interface with IP Address 192.168.0.251 (configured as
> wccp_outgoing_address)
>
> Router and Squid communicating successfully:
>
> WCCP Cache-Engine information:
> IP Address: 192.168.0.251
> Protocol Version: 0.4
> State: Usable
> Initial Hash Info: 00000000000000000000000000000000
> 00000000000000000000000000000000
> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> Hash Allotment: 256 (100.00%)
> Packets Redirected: 96
> Connect Time: 00:31:29
>
> Packets are properly being redirected from the router's perspective.
>
> The problem is that something (transparent proxy) doesn't seem to be
> working.
>
> I have followed the WCCP FAQ section to a "t" and added the appropriate
> iptables rules and squid.conf settings
>
> If I telnet from an internal client (10.0.0.46) to port 80 on my Squid box,
> it gets properly redirected to port 3128
>
> when doing a tcpdump on my squid box, I see the GRE traffic from my router
> when a client tries to connect, but I see reply traffic directly from the
> intended HTTP server address to the client. Not sure if it's not getting
> NAT'd or what, but I also have no entries in my squid access.log. I am
> totally stumped.
>
> Any help is appreciated.
>
> Thanks
Received on Sun Oct 05 2003 - 05:14:52 MDT
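
The two checks suggested in the reply above (a nat PREROUTING REDIRECT from port 80 to the proxy port, and IP forwarding on the cache box) can be audited from saved output. This is an added example, not code from either poster or from the Squid project; the function names, file names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example: audit a WCCP cache box for the two points in the reply.
# Each check reads captured text, so it also works on output saved from the box:
#   iptables-save -t nat > nat.rules ; cp /proc/sys/net/ipv4/ip_forward ip_forward

# has_redirect RULES_FILE PROXY_PORT
# True if the nat dump has a PREROUTING rule sending TCP dport 80 to PROXY_PORT.
has_redirect() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" && /-p tcp/ &&
        /--dport 80( |$)/ && /-j REDIRECT/ &&
        $0 ~ ("--to-ports " port "( |$)") { found = 1 }
        END { exit !found }
    ' "$1"
}

# forwarding_enabled FILE
# True if the saved ip_forward value is 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# audit_cache_box RULES_FILE IP_FORWARD_FILE PROXY_PORT
# Prints one line per finding; exit status is the number of findings.
audit_cache_box() {
    findings=0
    if ! has_redirect "$1" "$3"; then
        echo "MISSING: nat PREROUTING REDIRECT tcp/80 -> $3"
        findings=$((findings + 1))
    fi
    if forwarding_enabled "$2"; then
        echo "NOTE: ip_forward=1, the box may forward packets back to the router"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: no REDIRECT rule, forwarding enabled.
sample=$(mktemp -d)
printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' 'COMMIT' > "$sample/nat.rules"
echo 1 > "$sample/ip_forward"
audit_cache_box "$sample/nat.rules" "$sample/ip_forward" 3128 || echo "findings: $?"
```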