Re: [squid-users] Cisco/Linux/WCCP - Different Interface

From: Adrian Chadd <adrian@dont-contact.us>
Date: Sun, 10 Feb 2008 12:05:21 +0900

Read http://wiki.squid-cache.org/ConfigExamples/ - there's an example Cisco IOS + WCCP + NAT.

Adrian

On Sat, Feb 09, 2008, Tuc at T-B-O-H.NET wrote:
> Hi,
>
> Trying to follow :
>
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
>
> Cisco is a 2851 :
> Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
>
> Linux is Centos 4:
> Linux ports.example.com 2.6.9-42.0.10.EL #1 Tue Feb 27 09:24:42 EST 2007 i686 i686 i386 GNU/Linux
>
> Squid is squid-2.6.STABLE18
>
> One tweak to the docs I did find I needed for
> Cisco was "ip wccp web-cache" needed to be set for it to
> run.
>
> The configuration is that I have a serial port doing NAT to the
> net, which is where EVERYTHING passes, so that's where I put the ip wccp
> statements on the router. That interface IP is 1.2.3.58 . I have
> a Gig 0/0, IP 2.3.4.233 . Off that gig is the squid at 2.3.4.236. I
> have a Gig0/1 IP 4.5.6.7, and 99% of the users hang off there.
>
> I used the following on Linux. The iptables command
> seems to never have heard of the "--redirect-to" command, so hopefully
> this is correct :
>
> modprobe ip_gre
> ip tunnel del wccp0
> ip tunnel add wccp0 mode gre remote 1.2.3.58 local 2.3.4.236 dev eth0
> ip addr add 2.3.4.236/32 dev wccp0
> ip link set wccp0 up
> echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
> iptables -t nat -A PREROUTING -p tcp -i wccp0 -j REDIRECT --to 3128
>
> It didn't seem to work, so I shut down all IP tables
> via the Centos GUI (BIG mistake, it wiped out my settings and now
> I need to reconstruct it. :-/ ) ANYWAY... AFTER that I checked,
> and a "sho ip wccp we v" on the router showed my
> 2.3.4.236 as visible, and a "sho ip wccp web det"
> showed it, but with a State of "NOT Usable". I turned up
> some debug, and I see maybe what's happening, but don't know
> how to resolve..
>
> When I Wireshark the packets on 2048, I see the "Here I am"
> from Squid to the router fine, but the router responds with
> "I see you" from 2.3.4.233, the IP of the interface closest to
> the squid, but NOT the IP of the Internet connection.
>
> How do I handle this? Do I need to change wccp2_router to
> 2.3.4.233 instead of really what it should be, 1.2.3.58?
>
> Also, is the iptables command correct?
>
> Thanks, Tuc

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Sat Feb 09 2008 - 19:53:36 MST
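
To check the mismatch described in the quoted post, the "I see you" reply captured on UDP 2048 can be decoded and its addresses compared with the `wccp2_router` value. This is an added example, not part of the original thread or of Squid's code; it assumes the WCCP v2 draft layout (8-byte header, then type/length components, with the Router ID element first in the router identity component), and the sample bytes and Router ID value are constructed.

```python
import socket
import struct

I_SEE_YOU = 11       # WCCP v2 message type
ROUTER_ID_INFO = 2   # component type holding the Router ID element

def router_identity(payload):
    """Return (router_id, sent_to) from an I_SEE_YOU UDP payload, else None."""
    if len(payload) < 8:
        return None
    msg_type, _version, length = struct.unpack_from("!IHH", payload, 0)
    if msg_type != I_SEE_YOU:
        return None
    off, end = 8, min(len(payload), 8 + length)
    while off + 4 <= end:                      # walk type/length components
        ctype, clen = struct.unpack_from("!HH", payload, off)
        if off + 4 + clen > end:
            return None                        # truncated component
        if ctype == ROUTER_ID_INFO and clen >= 12:
            rid, _rcv, sent = struct.unpack_from("!4sI4s", payload, off + 4)
            return socket.inet_ntoa(rid), socket.inet_ntoa(sent)
        off += 4 + clen
    return None

def check_reply(src_ip, payload, configured_router):
    """Compare a reply's addresses with the wccp2_router value in squid.conf."""
    ident = router_identity(payload)
    if ident is None:
        return None
    return {"source": src_ip, "router_id": ident[0], "sent_to": ident[1],
            "source_matches_config": src_ip == configured_router,
            "router_id_matches_config": ident[0] == configured_router}

def build_sample(router_id, sent_to):
    """Constructed I_SEE_YOU payload (security + router identity info only)."""
    security = struct.pack("!HHI", 0, 4, 0)    # no-security option
    identity = struct.pack("!HH4sI4sI", ROUTER_ID_INFO, 16,
                           socket.inet_aton(router_id), 1,
                           socket.inet_aton(sent_to), 0)
    body = security + identity
    return struct.pack("!IHH", I_SEE_YOU, 0x200, len(body)) + body

if __name__ == "__main__":
    # Constructed sample reusing the post's addresses; Router ID is assumed.
    sample = build_sample("2.3.4.233", "2.3.4.236")
    print(check_reply("2.3.4.233", sample, "1.2.3.58"))
```

Feed `router_identity` the UDP payload exported from a real capture to see which address the router actually advertises as its Router ID.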
