Re: [squid-users] 2.6S1 WCCP2 problems

From: tino <tino.kriswanto@dont-contact.us>
Date: Thu, 20 Jul 2006 07:27:33 +0700

Yes,
check your rp_filter=0

Be sure to try your squid in non-transparent (fill the proxy in client
browser) is work well

You also had to search topics in web
http://www.squid-cache.org/mail-archive/squid-users/200502/0909.html

rgds,
Tino
----- Original Message -----
From: "Bryan Shoebottom" <bshoebottom@fanshawec.ca>
To: "Henrik Nordstrom" <henrik@henriknordstrom.net>
Cc: "tino" <tino.kriswanto@gmail.com>; <squid-users@squid-cache.org>
Sent: Thursday, July 20, 2006 2:54 AM
Subject: Re: [squid-users] 2.6S1 WCCP2 problems

> Henrik,
>
> I will give that a shot. Is there any reason why this isn't in the FAQ?
> This is the first place i checked when my config didn't work.
>
> Thanks,
> Bryan
>
> On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote:
>> ons 2006-07-19 klockan 07:25 +0700 skrev tino:
>> > RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent
>> > vhost vport=80
>>
>> why vhost and vport=80? These are for accelerator/reverse proxy mode,
>> not Internet proxies.. The transparent keyword takes care of all which
>> is needed in transparent interception.
>>
>>
>> > #-at squid:
>> > insmod ip_gre
>> > ifconfig gre0 up
>> > ip addr add 172.0.0.2 255.255.255.252 dev gre0
>>
>> I would say it's better to create a new GRE tunnel for the router.
>>
>> ip tunnel add wccp mode gre remote ip.of.router
>> ip addr add proxy.server.ip/32 dev wccp
>> ip link set wccp up
>>
>> and intercepted packets redirected by the router should be coming in on
>> the virtual wccp interface, where they can easily be redirected to Squid
>>
>> iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128
>>
>> You quite likely also need to disable reverse-path lookups on the wccp
>> interface
>>
>> echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
>>
>>
>> IP forwarding does not need to be enabled.
>>
>> Regards
>> Henrik
Received on Wed Jul 19 2006 - 18:27:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT