RE: [squid-users] Regarding wccp

From: Michael Bowe <mbowe_at_pipeline.com.au>
Date: Thu, 4 Mar 2010 12:25:08 +1100

Hi Senthil

> -----Original Message-----
> From: senthilkumaar2021 [mailto:senthilkumaar2021_at_gmail.com]
> Sent: Wednesday, 3 March 2010 6:24 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Regarding wccp
>
> Hi All,
> I need to configure squid +Tproxy+ wccp
> I followed the document as if in the squid cache
>
> wccp2_router $ROUTERIP
> wccp2_forwarding_method gre
> wccp2_return_method gre
> wccp2_service dynamic 80
> wccp2_service dynamic 90
> wccp2_service_info 80 protocol=tcp flags=dst_ip_hash priority=240
> ports=80
> wccp2_service_info 90 protocol=tcp flags=src_ip_hash,ports_source
> priority=240 ports=80
>
> (for router ip replaced the gateway ip of the squid machine)

I think you have the hash stuff wrong, isn't service 80 meant to be
src_ip_hash and service 90 meant to be dst_ip_hash?

And what about the http_port statement, what settings have you used there?

Also maybe you could show us the output from cache.log after starting squid,
as this contains some info about whether TPROXY has started up OK

> I have used following ip tables
>
> iptables -t mangle -N DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
> --tproxy-mark 0x1/0x1 --on-port 3129
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> set net.ipv4.forwarding = 1

Seems roughly right

> I created tunnel using the router identifier ip address.
>
> I have made all the configuration in router such as enabling the 80 and
> 90 service

You will need to show us the tunnel config fragments

> when i apply redirect in and out for service 80 and 90 .
>
> I am not able to get any packets redirected to 90 service only 80
> service gets redirected .

You will need to show us the Cisco config fragments

Michael.
Received on Thu Mar 04 2010 - 01:25:12 MST

This archive was generated by hypermail 2.2.0 : Fri Mar 05 2010 - 12:00:03 MST