[squid-users] Cisco/Linux/WCCP - Different Interface

From: Tuc at T-B-O-H.NET <ml@dont-contact.us>
Date: Sat, 9 Feb 2008 14:09:27 -0500 (EST)

Hi,

        Trying to follow :

http://wiki.squid-cache.org/SquidFaq/InterceptionProxy

        Cisco is a 2851 :
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)

        Linux is Centos 4:
Linux ports.example.com 2.6.9-42.0.10.EL #1 Tue Feb 27 09:24:42 EST 2007 i686 i686 i386 GNU/Linux

        Squid is squid-2.6.STABLE18

        One tweak to the docs I did find I needed for
Cisco was "ip wccp web-cache" needed to be set for it to
run.

        The configuration is that I have a serial port doing NAT to the
net, which is where EVERYTHING passes, so that's where I put the ip wccp
statements on the router. That interface IP is 1.2.3.58 . I have
a Gig 0/0, IP 2.3.4.233 . Off that gig is the squid at 2.3.4.236. I
have a Gig0/1 IP 4.5.6.7, and 99% of the users hang off there.

        I used the following on Linux. The iptables command
seems to never have heard of the "--redirect-to" command, so hopefully
this is correct :

modprobe ip_gre
ip tunnel del wccp0
ip tunnel add wccp0 mode gre remote 1.2.3.58 local 2.3.4.236 dev eth0
ip addr add 2.3.4.236/32 dev wccp0
ip link set wccp0 up
echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
iptables -t nat -A PREROUTING -p tcp -i wccp0 -j REDIRECT --to 3128

        It didn't seem to work, so I shut down all IP tables
via the Centos GUI (BIG mistake, it wiped out my settings and now
I need to reconstruct it. :-/ ) ANYWAY... AFTER that I checked,
and a "sho ip wccp we v" on the router showed my
2.3.4.236 as visible, and a "sho ip wccp web det"
showed it, but with a State of "NOT Usable". I turned up
some debug, and I see maybe what's happening, but don't know
how to resolve..

        When I wireshark the packets on 2048, I see the "Here I am"
from Squid to the router fine, but the router responds with
"I see you" from 2.3.4.233, the IP of the interface closest to
the squid, but NOT the IP of the Internet connection.

        How do I handle this? Do I need to change wccp2_router to
2.3.4.233 instead of really what it should be, 1.2.3.58?

        Also, is the iptables command correct?

                Thanks, Tuc
Received on Sat Feb 09 2008 - 12:09:42 MST
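
To compare the addresses a router reports in its "I see you" with the configured wccp2_router, the sketch below (an added example, not part of the original post and not Squid's code) parses the WCCPv2 message and component headers as laid out in draft-wilson-wrec-wccp-v2 and lists which of the UDP source address and the Router ID differ. The function names and the sample datagram are constructed for illustration; the Router ID value in the sample is an assumption, since the post does not show that field.

```python
import socket
import struct

I_SEE_YOU = 11        # WCCP2 message type
ROUTER_ID_INFO = 2    # component type carrying the router's identity

def parse_i_see_you(datagram):
    """Return (router_id, sent_to) from a WCCPv2 I_See_You payload."""
    if len(datagram) < 8:
        raise ValueError("short WCCP2 header")
    msg_type, version, length = struct.unpack_from("!IHH", datagram, 0)
    if msg_type != I_SEE_YOU or version != 0x0200:
        raise ValueError("not a WCCPv2 I_See_You")
    end = min(len(datagram), 8 + length)
    off = 8
    while off + 4 <= end:
        ctype, clen = struct.unpack_from("!HH", datagram, off)
        body = off + 4
        if body + clen > end:
            raise ValueError("truncated component")
        if ctype == ROUTER_ID_INFO:
            if clen < 16:
                raise ValueError("short Router Identity Info")
            # Layout: Router ID (4), Receive ID (4), Sent To Address (4), ...
            router_id = socket.inet_ntoa(datagram[body:body + 4])
            sent_to = socket.inet_ntoa(datagram[body + 8:body + 12])
            return router_id, sent_to
        off = body + clen   # skip components this check does not need
    raise ValueError("no Router Identity Info component")

def check_router(configured, udp_source, datagram):
    """Name the reply addresses that differ from the configured wccp2_router."""
    router_id, sent_to = parse_i_see_you(datagram)
    seen = {"udp_source": udp_source, "router_id": router_id}
    mismatches = sorted(k for k, v in seen.items() if v != configured)
    return {"router_id": router_id, "sent_to": sent_to, "mismatches": mismatches}

def sample_i_see_you(router_id, sent_to):
    """Constructed sample: security (no auth) plus router identity only."""
    security = struct.pack("!HHI", 0, 4, 0)
    ident = struct.pack("!HH4sI4sI", ROUTER_ID_INFO, 16,
                        socket.inet_aton(router_id), 1,
                        socket.inet_aton(sent_to), 0)
    body = security + ident
    return struct.pack("!IHH", I_SEE_YOU, 0x0200, len(body)) + body

if __name__ == "__main__":
    pkt = sample_i_see_you("2.3.4.233", "1.2.3.58")   # constructed values
    print(check_router("1.2.3.58", "2.3.4.233", pkt))
```

The input to parse_i_see_you is the UDP payload of a packet captured on port 2048, with the source address taken from the IP header of the same packet.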
