--- Scott Phalen <scott@sphalen.com> wrote: >
> <I would be very interested in your setup, especially
> <the following:
> <
> <o How you got the GRE tunnel going
> <o How the firewall config was affected by the GRE setup
> <o What errors, if any, you got from the kernel after
> <  compiling wccp into it
>
> ----------------------------------------------------------------------
> My environment:
> RedHat AS2.1, Dell 650 Server with 2GB RAM, 145GB Hard Drive
> McAfee WebShield E500 (virus scanning HTTP traffic)
> WatchGuard Firewall
sorry for the late response (been hacking BGP all
week).. my environ is SuSE Linux 9.1 Pro with kernel
2.6.5, with sufficient memory and hard drive space..
>
> All HTTP traffic hits the main router interface, it is then redirected
> via wccp to my squid cache, the webshield is configured as the
> cache_peer parent then all requests go to internet.
this is quite straightforward.. am already doing this
with the much_hated route-map technique...
>
> In order to make things work, you need to follow the FAQ:
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.11
already did.. used it 2 yrs back and even still today
(i feel there are some things to update on that
particular FAQ, will probably get round to it one of
these weekends.. i think...)
>
> gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes \
>     -Wno-trigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing \
>     -fno-common -pipe -mpreferred-stack-boundary=2 -march=i686 -DMODULE \
>     -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h \
>     -c -o ip_wccp.o ip_wccp.c
well, i am using the 2.6 kernel, so things are little
difficult.. been trying to Google for the past month,
but there's not much support for 2.6 wccp compilation,
let alone integration..
>
> Compile ip_wccp.c
> Copy the newly created ip_wccp.o to:
>   /lib/modules/[kernel-version]/kernel/net/ipv4
> Run depmod -a
> Run modprobe ip_wccp
> Modify the /etc/rc.d/rc.local file to include the following lines
>   insmod ip_wccp
>   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> Modify the /etc/sysctl.conf file:
>   net.ipv4.ip_forward = 1
>   net.ipv4.conf.default.rp_filter = 1
> Ensure the following lines are in the squid.conf file
>   httpd_accel_host virtual
>   httpd_accel_port 80
>   httpd_accel_with_proxy on
>   httpd_accel_uses_host_header on
>   wccp_router X.X.X.X
>   wccp_version 4
> [squid-home-dir]/bin/./RunCache &
already did this (well, most of it is different as i
am running SuSE and not RH)...
squid is running transparently already.. wccp module
loads with a few errors Google says i shd ignore
(since it's not GPL'ed blah blah)..
>
> What you are doing is:
> • Installing a kernel module that understands WCCP natively
> • Modifying settings so the machine can 'route' between the WCCP
>   virtual network and the internet
> • Modifying squid to use WCCP, and forward packets received on port 80
>   as if they were received on port 3128
wish all this worked on my 2.6.5 kernel.. :(..
>
> WCCP uses the GRE protocol to encapsulate requests.
an alternative for which i was hoping to stumble
upon..
> The kernel module greatly simplifies handling these. It is possible
> to do it with the "ip_gre" module, but far more complex (if more
> secure).
am sorry i don't understand that bit.. u sound like
there's another way of handling it... please
describe..
isn't GRE tunnelling the popular method of doing this
with wccp..?..
Mark.
Received on Tue Jul 20 2004 - 04:53:30 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT
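
Added example, not part of the original message and not code from ip_wccp or Squid: a user-space sketch of what handling a WCCP GRE redirect involves, namely checking the outer IPv4/GRE headers (WCCP redirects use GRE protocol type 0x883E) and recovering the client's original packet. It assumes the WCCPv1 layout with no GRE flags set, matching the `wccp_version 4` setting quoted above; the router-address check is an added assumption about what a cache may want to enforce, and all addresses and packets are constructed samples.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
GRE_PROTO_WCCP = 0x883E  # GRE protocol type carried by WCCP redirects

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def decapsulate(packet, router_ip):
    """Return the inner IPv4 packet of a WCCPv1 GRE redirect or raise ValueError."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("outer packet is not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated outer header")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    # Assumed hardening check: accept redirects only from the configured router.
    if socket.inet_ntoa(packet[12:16]) != router_ip:
        raise ValueError("GRE packet from unexpected source")
    flags_version, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags_version != 0 or proto != GRE_PROTO_WCCP:
        raise ValueError("not a plain WCCP GRE header")
    inner = packet[ihl + 4:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner payload is not IPv4")
    return inner

def flow(inner):
    """(source, destination, TCP destination port) of a decapsulated TCP packet."""
    ihl = (inner[0] & 0x0F) * 4
    if inner[9] != IPPROTO_TCP or len(inner) < ihl + 4:
        raise ValueError("inner packet is not TCP")
    dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    return socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), dport

# Constructed sample: a client SYN to port 80, redirected by the router to the cache.
ROUTER, CACHE = "203.0.113.1", "203.0.113.2"
TCP_SYN = struct.pack("!HHLLBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
SAMPLE_INNER = ipv4_header("192.0.2.10", "198.51.100.80", IPPROTO_TCP, 20) + TCP_SYN
GRE = struct.pack("!HH", 0, GRE_PROTO_WCCP)
SAMPLE_OUTER = (ipv4_header(ROUTER, CACHE, IPPROTO_GRE, 4 + len(SAMPLE_INNER))
                + GRE + SAMPLE_INNER)

if __name__ == "__main__":
    print(flow(decapsulate(SAMPLE_OUTER, ROUTER)))
```

The inner packet still carries the client's source address and the web server's destination address, which is why the quoted steps pair the decapsulation with an iptables REDIRECT of port 80 to Squid's port 3128.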