[squid-users] Transparent Proxy with wccp on Fedora Core 4

From: Kola Ibikunle <kola@dont-contact.us>
Date: Mon, 18 Jul 2005 10:06:46 -0800

I have problems getting Transparent Proxy to work and would be glad if
you could look through this.

I have a Cisco router with wccp enabled and the squid server, compiled
from the source tarball, runs on Fedora Core 4. My understanding is that it
is not necessary to patch the kernel as ip_gre is already enabled.
Proxying works when the browser is configured to use the proxy; however, transparent
proxying does not work.

The message from the squid box (192.168.1.23) is

   IP 192.168.1.18 > 192.168.1.23: gre-proto-0x883e
   IP 192.168.1.23 > 192.168.1.18: icmp host 192.168.1.23 unreachable - admin prohibited

while the router (192.168.1.18) gives the same message via
"debug ip wccp packet" and "debug ip icmp":

      *Mar 1 01:12:09.775: WCCP-PKT: Received valid Here_I_Am packet
      from 192.168.1.23 w/rcvd_id 00000113
      *Mar 1 01:12:09.775: WCCP-PKT: Sending I_See_You packet to
      192.168.1.23 w/ rcvd_id 00000114
      *Mar 1 01:12:10.071: ICMP: dst (192.168.1.18) prohibited
      unreachable rcv from 192.168.1.23
      *Mar 1 01:12:12.991: ICMP: dst (192.168.1.18) prohibited
      unreachable rcv from 192.168.1.23
      *Mar 1 01:12:19.003: ICMP: dst (192.168.1.18) prohibited
      unreachable rcv from 192.168.1.23
      *Mar 1 01:12:20.235: WCCP-PKT: Received valid Here_I_Am packet
      from 192.168.1.23 w/rcvd_id 00000114
      *Mar 1 01:12:20.235: WCCP-PKT: Sending I_See_You packet to
      192.168.1.23 w/ rcvd_id 00000115
      *Mar 1 01:12:30.519: WCCP-PKT: Received valid Here_I_Am packet
      from 192.168.1.23 w/rcvd_id 00000115
      *Mar 1 01:12:30.519: WCCP-PKT: Sending I_See_You packet to
      192.168.1.23 w/ rcvd_id 00000116
      *Mar 1 01:12:31.395: ICMP: dst (192.168.1.18) prohibited
      unreachable rcv from 192.168.1.23

The router recognizes the squid box, as confirmed by the output below.

      Router#sh ip wccp
      Global WCCP information:
          Router information:
              Router Identifier: 192.168.1.18
              Protocol Version: 1.0

          Service Identifier: web-cache
              Number of Cache Engines: 1
              Number of routers: 1
              Total Packets Redirected: 166
              Redirect access-list: 150
              Total Packets Denied Redirect: 0
              Total Packets Unassigned: 0
              Group access-list: -none-
              Total Messages Denied to Group: 0
              Total Authentication failures: 0

The ip tunnel has been set up as shown.

My router version and config are below.

      Cisco Internetwork Operating System Software
      IOS (tm) 3700 Software (C3745-IS-M), Version 12.2(13)T10, RELEASE SOFTWARE (fc1)
      TAC Support: http://www.cisco.com/tac
      Copyright (c) 1986-2003 by cisco Systems, Inc.
      Compiled Wed 26-Nov-03 02:37 by nmasa
      Image text-base: 0x60008940, data-base: 0x61994000

      ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)

      Router uptime is 1 hour, 7 minutes
      System returned to ROM by power-on
      System image file is "flash:c3745-is-mz.122-13.T10.bin"

      cisco 3745 (R7000) processor (revision 2.0) with 196608K/11264K
      bytes of memory.
      Processor board ID JMX0802L3EA
      R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2,
      2048KB L3 Cache
      MICA-6DM Firmware: CP ver 2730 - 5/23/2001, SP ver 2730 - 5/23/2001.
      Bridging software.
      X.25 software, Version 3.0.0.
      SuperLAT software (copyright 1990 by Meridian Technology Corp).
      2 FastEthernet/IEEE 802.3 interface(s)
      30 terminal line(s)
      DRAM configuration is 64 bits wide with parity disabled.
      151K bytes of non-volatile configuration memory.
      125440K bytes of ATA System CompactFlash (Read/Write)

      Configuration register is 0x101


Below is the router configuration file (Router#sh conf):

      Using 1285 out of 155640 bytes
      !
      version 12.2
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname Router
      !
      no logging buffered
      enable secret 5 $1$.nU6$zrTYq3u9FqrEs1z3VR6yO/
      enable password 1234
      !
      ip subnet-zero
      ip wccp version 1
      ip wccp web-cache redirect-list 150
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      mta receive maximum-recipients 0
      !
      !
      !
      !
      interface FastEthernet0/0
       ip address 192.168.1.18 255.255.255.0
       no ip unreachables
       ip nat inside
       no ip mroute-cache
       speed auto
       half-duplex
       no cdp enable
      !
      interface FastEthernet0/1
       ip address 64.110.65.17 255.255.255.128
       no ip unreachables
       ip wccp web-cache redirect out
       ip nat outside
       no ip mroute-cache
       duplex auto
       speed auto
       no cdp enable
      !
      router rip
       network 64.0.0.0
      !
      ip nat pool ovrld 64.110.65.18 64.110.65.18 prefix-length 24
      ip nat inside source list 7 pool ovrld overload
      ip classless
      ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
      ip http server
      !
      !
      access-list 7 permit 192.168.1.0 0.0.0.255
      access-list 150 permit tcp 192.168.1.0 0.0.0.255 any
      access-list 150 deny tcp any any
      !
      !
      call rsvp-sync
      !
      !
      mgcp profile default
      !
      !
      !
      dial-peer cor custom
      !
      !
      !
      !
      line con 0
       exec-timeout 0 0
      line 33 62
       flush-at-activation
      line aux 0
      line vty 0 4
       password 12345
       login
      !
      end
Received on Mon Jul 18 2005 - 03:06:44 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT
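Added example, not part of the original post: a small Python checker that reads tcpdump lines of the kind quoted above and reports when the cache host itself is answering the router's WCCP GRE redirects with ICMP host-prohibited. The sample lines are constructed copies of the post's output; the 0x883e GRE protocol type and the two addresses are the ones shown in the post.

```python
import re

# Constructed sample lines modelled on the tcpdump output quoted in the post
# (router 192.168.1.18 -> cache 192.168.1.23).
SAMPLE_TCPDUMP = """\
IP 192.168.1.18 > 192.168.1.23: gre-proto-0x883e
IP 192.168.1.23 > 192.168.1.18: icmp host 192.168.1.23 unreachable - admin prohibited
IP 192.168.1.18 > 192.168.1.23: gre-proto-0x883e
IP 192.168.1.23 > 192.168.1.18: icmp host 192.168.1.23 unreachable - admin prohibited
"""

WCCP_GRE_PROTO = 0x883E  # GRE protocol type used by WCCP redirection
GRE_RE = re.compile(r"^IP (\S+) > (\S+): gre-proto-0x([0-9a-fA-F]+)")
# tcpdump renders ICMP type 3 / code 10 (host administratively prohibited) like this;
# a host emits it itself when a packet-filter REJECT rule drops the packet.
REJECT_RE = re.compile(r"^IP (\S+) > (\S+): icmp host \S+ unreachable - admin prohibited")

def analyse(capture):
    """Count WCCP GRE packets per (router, cache) pair and the admin-prohibited
    ICMP errors the cache sends back towards the router."""
    gre, rejects = {}, {}
    for line in capture.splitlines():
        m = GRE_RE.match(line)
        if m and int(m.group(3), 16) == WCCP_GRE_PROTO:
            key = (m.group(1), m.group(2))
            gre[key] = gre.get(key, 0) + 1
            continue
        m = REJECT_RE.match(line)
        if m:
            key = (m.group(2), m.group(1))  # normalise to (router, cache)
            rejects[key] = rejects.get(key, 0) + 1
    return gre, rejects

def diagnose(capture):
    """Return one finding per (router, cache) pair whose GRE redirects are being
    rejected by the cache host; an empty list means the data plane at least
    reaches the host without a local reject."""
    gre, rejects = analyse(capture)
    findings = []
    for (router, cache), n in gre.items():
        r = rejects.get((router, cache), 0)
        if r:
            findings.append(
                f"{cache} answered {r} of {n} WCCP GRE packets from {router} with "
                "ICMP host-prohibited: its packet filter rejects IP protocol 47 (GRE), "
                "so redirected traffic never reaches the gre tunnel or squid")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TCPDUMP):
        print(finding)
```

The WCCP control plane (Here_I_Am / I_See_You over UDP) can be healthy while the GRE data plane is rejected, which is exactly the split this check separates.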