Re: [squid-users] squid in load balanced wccpv2 configuration

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 09 May 2010 22:55:09 +1200

Jiffy 1111 wrote:
> Hi, all,
>
> In a nutshell, I am trying to install squid as a third proxy to alleviate some pressure from our two Bluecoat proxies into a currently working wccpv2 configuration.
> We now have 5000+ users.
>
> My current squid configuration works perfectly fine in explicit mode.
> The problem I am having is that squid can't seem to join the wccp service groups.
> I've tried the configuration examples from http://wiki.squid-cache.org/ConfigExamples/ to no avail.
>
> We have two Cisco 6513s in our core and we are using wccp to load balance between the proxies.
>
> I'm posting my sanitized configs hoping someone can shed some light on this and show me what my squid.conf, iptables and network interfaces should look like.
> I would also appreciate any recommended settings for memory and disk use based on the hardware spec I am posting. This server will be dedicated to squid.
>
> Server:
> cat /etc/redhat-release
> Fedora release 12 (Constantine)
>
> rpm -qa squid
> squid-3.1.1-1.fc12.i686
>
> 4 x Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
>
> free -m
> total
> Mem: 7991
>
> 600 Gig on /var
>
> ip tunnel add wccp1 mode gre remote x.x.0.1 local x.x.1.77 dev eth0
> ifconfig wccp1 inet x.x.1.76 netmask 255.255.255.192 up
>
> ifconfig
> eth0
> inet addr:x.x.1.77 Bcast:x.x.1.127 Mask:255.255.255.192
>
> wccp1
> inet addr:x.x.1.76 P-t-P:x.x.1.76 Mask:255.255.255.192
>
> iptables:
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
> iptables -F -t nat
> iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.1.77:55555
> iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 20 -j DNAT --to-destination x.x.1.77:20
> iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 21 -j DNAT --to-destination x.x.1.77:21
> iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination x.x.1.77:443
> iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 1755 -j DNAT --to-destination x.x.1.77:1755
> iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 7070 -j DNAT --to-destination x.x.1.77:7070
>

DNAT used on TCP links (only) with no sign of a matching source fix-up
(MASQUERADE or SNAT).

Everything else looks good at a quick glance.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.3
Received on Sun May 09 2010 - 10:55:32 MDT
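
A coarse audit for the gap the reply points out, as an added example that is not part of the original thread: it reads nat rules in the form posted above and reports PREROUTING DNAT rules when no POSTROUTING SNAT or MASQUERADE rule is present. The function name `audit_nat` and the MASQUERADE rule in `FIXED_RULES` are assumptions made for illustration; the reply names the targets but gives no rule.

```shell
#!/bin/sh
# Constructed sample input: two of the DNAT rules from the post (addresses
# stay sanitized as x.x.1.77, exactly as posted).
POSTED_RULES='iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.1.77:55555
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination x.x.1.77:443'

# Assumption: one possible source fix-up rule, constructed for this example.
FIXED_RULES="$POSTED_RULES
iptables -t nat -A POSTROUTING -j MASQUERADE"

# audit_nat: read nat-table rules on stdin (iptables command lines or the
# "-A CHAIN ..." lines of iptables-save output).
# Prints every PREROUTING DNAT rule and returns 1 when the rule set has no
# POSTROUTING SNAT/MASQUERADE rule at all; returns 0 otherwise.
# Coarse by design: it does not check that the fix-up matches the same flows.
audit_nat() {
    awk '
    {
        chain = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain == "PREROUTING" && target == "DNAT")
            dnat[++n] = $0
        if (chain == "POSTROUTING" && (target == "SNAT" || target == "MASQUERADE"))
            fix++
    }
    END {
        if (n > 0 && fix == 0) {
            for (i = 1; i <= n; i++)
                print "DNAT without SNAT/MASQUERADE: " dnat[i]
            exit 1
        }
    }'
}

# Stand-alone run against the posted rules.
printf '%s\n' "$POSTED_RULES" | audit_nat || echo "source fix-up missing"
```

On a live host the same function can be fed `iptables-save -t nat` output instead of the embedded sample.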
