Re: [squid-users] Squid+Cisco w/WCCP ---> multiple tcp ports?

From: Adrian Chadd <adrian@dont-contact.us>
Date: Wed, 13 Sep 2006 21:24:35 +0800

Rightio!

# On squid:

wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80,8000,2080

tcp_outgoing_address 203.56.15.78

wccp2_router 192.168.1.1:2048

http_port 192.168.1.10:3128 transparent vport=80
http_port 192.168.1.10:8000 transparent vport=8000
http_port 192.168.1.10:2080 transparent vport=2080

http_port localhost:3128

(I have a squid box that's intercepting WCCP stuff from a NAT'ted network;
and to do it "right" it seems I need to intercept it on the internal interface.
Squid then connects out using its other "public" interface.)

# On the router:

!
ip wccp 80
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip wccp 80 redirect in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!

# /root/wccp.sh :

iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.1.10:8000
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 2080 -j DNAT --to-destination 192.168.1.10:2080

Let me know if that works.

Adrian

On Wed, Sep 13, 2006, Tom Warren wrote:
> I have recently set up a transparent squid cache at the small ISP
> where I work using Fedora Core 4 and squid-2.6.STABLE3. It is
> performing well but I'd like to cache additional traffic such as
> alternate HTTP ports and maybe later even FTP using something like
> FROX.
>
> The problem is after days of searching I've found sparse information
> on Squid's 'wccp2_service dynamic' and 'wccp2_service_info'
> configuration parameters. I've tried something like this:
>
> wccp2_service dynamic 80 password=foo
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash,ports_source priority=240 ports=8080,2080,2443
>
>
> The Cisco router was configured thusly:
>
> ip wccp 80 redirect-list 3 group-list 10 password 7 XYXYXYXY
>
>
> Then from my workstation (the only host in access-list 3) I visit
> something like:
>
> http://snind.gotdns.com:8080/
>
> The page loads but although the Cisco router sees the cache register
> service ID 80, it never redirects any packets; I always see:
>
> core#sh ip wccp 80
> Global WCCP information:
> Router information:
> Router Identifier: xxx.yyy.zzz.50
> Protocol Version: 2.0
>
> Service Identifier: 80
> Number of Cache Engines: 1
> Number of routers: 1
> Total Packets Redirected: 0
> Redirect access-list: 3
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: 10
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
>
>
> I've tried several other permutations of the Squid wccp 'info'
> parameter to no avail. I'd like to know the following:
>
> - What is the standard syntax for redirecting multiple ports using
> 'wccp2_service dynamic' and 'wccp2_service_info' configuration
> parameters?
>
> - Can I operate standard (web-cache) and dynamic services simultaneously?
>
> - After I successfully redirect other ports like 8080, et al. to
> squid, will it automagically use the original port number in its
> request?
>
> Much thanks,
>
> Tom
Received on Wed Sep 13 2006 - 07:23:20 MDT
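
Added example, not part of the original message and not Squid's own code: the reply's configuration names each intercepted port in three places (the ports= list of wccp2_service_info, an http_port listener with vport=, and an iptables DNAT rule on gre0), and this Python script checks that the three agree. The function name check_wccp_ports is hypothetical, and the sample input is constructed from the lines in the message.

```python
import re

# Constructed sample input, copied from the squid.conf lines and iptables rules in the message.
SQUID_CONF = """\
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80,8000,2080
http_port 192.168.1.10:3128 transparent vport=80
http_port 192.168.1.10:8000 transparent vport=8000
http_port 192.168.1.10:2080 transparent vport=2080
http_port localhost:3128
"""
IPTABLES_RULES = """\
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.1.10:8000
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 2080 -j DNAT --to-destination 192.168.1.10:2080
"""

def check_wccp_ports(squid_conf, iptables_rules):
    """Return a list of mismatches between the three per-port settings."""
    wccp_ports = set()    # ports the router is asked to redirect
    listeners = {}        # "addr:port" -> vport for transparent http_port lines
    for line in squid_conf.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "wccp2_service_info":
            for w in words[2:]:
                if w.startswith("ports="):
                    wccp_ports.update(int(p) for p in w[6:].split(","))
        elif words[0] == "http_port" and "transparent" in words[2:]:
            vport = [w[6:] for w in words[2:] if w.startswith("vport=")]
            listeners[words[1]] = int(vport[0]) if vport else None
    dnat = {}             # original destination port -> "addr:port" DNAT target
    for m in re.finditer(r"--dport (\d+) .*?--to-destination (\S+)", iptables_rules):
        dnat[int(m.group(1))] = m.group(2)
    problems = []
    for port in sorted(wccp_ports):
        target = dnat.get(port)
        if target is None:
            problems.append(f"port {port}: redirected by WCCP but no DNAT rule")
        elif target not in listeners:
            problems.append(f"port {port}: DNAT to {target} but no transparent http_port there")
        elif listeners[target] != port:
            problems.append(f"port {port}: http_port {target} has vport={listeners[target]}")
    for port in sorted(set(dnat) - wccp_ports):
        problems.append(f"port {port}: DNAT rule but port not in wccp2_service_info")
    return problems
if __name__ == "__main__":
    print(check_wccp_ports(SQUID_CONF, IPTABLES_RULES) or "consistent")
```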
