Re: [squid-users] Re: WCCP configuration from Amos Jeffries on 2009-01-09 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 10 Jan 2009 15:36:11 +1300

Ritter, Nicholas wrote:
> With TProxy, I think you need to use Squid3-HEAD to reliably fix your issue....Amos would know for sure.
>
> Nick
>

Yes. Squid-2.* has no support for TPROXY v4.1+

3.1.0.3 or later is needed. Which is at least an RC beta now, more
stable that pure 3.HEAD alpha code.

Also the squid.conf and configure details have changed.
http://wiki.squid-cache.org/Features/Tproxy4

Amos

>
> ________________________________
>
> From: viveksnv_at_aol.in [mailto:viveksnv_at_aol.in]
> Sent: Fri 1/9/2009 8:39 AM
> To: henrik_at_henriknordstrom.net
> Cc: squid-users_at_squid-cache.org; squid3_at_treenet.co.nz
> Subject: [squid-users] Re: WCCP configuration
>
>
>
> Hi,
>
> Thanks for the reply. It did help us solve the problem.
>
> But there is a new issue.
>
> We have configured as squid+tproxy. The squid ip is not displayed and
> only the client ip is displayed when we do the proxy test. But after
> configuring wccp we find that the server ip is displayed in the proxy
> test instead of the client ip.
>
> We also find that the http request is pathetically slow.
>
> squid.conf
>
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
> ports=80
> wccp2_service dynamic 90
> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
> priority=240 ports=80
>
> http_port 3128 transparent tproxy
>
> iptable:
> /usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m tcp
> --dport 80 -j TPROXY --on-port 3128
>
>
> We created a gre tunnel based on the router identifier.
>
> wccp2_router xx.xx.xxx.xx (ip of router interface connected to squid
> machine)
>
> The following command is assigned at the router interface connected to
> the lan.
> ip wccp 80 redirect in
> ip wccp 90 redirect out
>
> Following command at the router interface connected to squid.
> ip wccp redirect exclude in
>
> Router : Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M),
> Version 12.4(13b)
> Kernel : linux-2.6.20.21
> IPtable : iptables-1.3.8
> Os Ver : squid-2.7 Stable 5
>
> #lsmod
>
> ip_gre 19616 0
> iptable_filter 11136 0
> ipt_TPROXY 11136 1
> ipt_REDIRECT 10624 0
> xt_tcpudp 11904 1
> reiserfs 235144 5
> iptable_tproxy 23036 2 ipt_TPROXY
> iptable_nat 15492 1 iptable_tproxy
> ip_nat 24620 3 ipt_REDIRECT,iptable_tproxy,iptable_nat
> ip_tables 25448 3
> iptable_filter,iptable_tproxy,iptable_nat
> x_tables 23560 5
> ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables
> ip_conntrack 53400 3 iptable_tproxy,iptable_nat,ip_nat
>
>
> The internet works, but the browsing is dead slow. Temporarily we have
> bypassed squid to browse the net.
>
>
> Thanks
> VK
>
>
> -----Original Message-----
> From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
> To: viveksnv_at_aol.in
> Cc: squid3_at_treenet.co.nz; squid-users_at_squid-cache.org
> Sent: Thu, 8 Jan 2009 12:05 am
> Subject: Re: WCCP configuration
>
>
> ons 2009-01-07 klockan 08:46 -0500 skrev viveksnv_at_aol.in:
>
>> wccp2_router xxx.xx.xxx.xxx
>> wccp_version 4
>> wccp2_forwarding_method 1
>> wccp2_return_method 1
>> wccp2_assignment_method 1
>> wccp2_service dynamic 80
>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
>> ports=80
>> wccp2_service dynamic 90
>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
>> priority=240 ports=80
>>
>>
>> Router Eth0 - connected to lan. Eth1 - connecte to squid.
>
> Have you also configured
> * A loopback address on the router, giving it a easily identified router
> ID
>
> * the required GRE/WCCP tunnel interface on the Squid server
>
> * disabled rp_filter on the above GRE/WCCP interface.
>
> * And adjusted the REDIRECT/NAT rules to act on traffic received on the
> GRE/WCCP interface configured above?
>
>
>> Service Identifier: web-cache
>> Number of Service Group Clients: 1
>> Number of Service Group Routers: 1
>> Total Packets s/w Redirected: 11336
>> Process: 0
>> Fast: 0
>> CEF: 11336
>
> Looks fine.
>
>> Is there any simple way of configuring WCCP. We have beating round
> the
>> bush all day long to configure wccp.
>
> WCCP as such is configured. But something is missing in the interception
> at the proxy. Most likely the GRE interface mentioned above.
>
> Regards
> Henrik
>
>
>
>
>
>
>
> ________________________________________________________________________
> You are invited to Get a Free AOL Email ID. - http://webmail.aol.in <http://webmail.aol.in/>
>
>
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
   Current Beta Squid 3.1.0.3

Received on Sat Jan 10 2009 - 02:37:54 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 10 2009 - 12:00:02 MST