Re: [squid-users] WCCP + Squid with Cisco 2811. Not working

From: Chris Abel <cabel_at_wildwood.edu>
Date: Thu, 09 Sep 2010 17:25:29 -0400

Amos Jeffries <squid3_at_treenet.co.nz> writes:
>First, check your configuration for Squid and its firewall match this
>page:
>http://wiki.squid-cache.org/Features/Wccp2#Squid_configuration_for_WCCP_version_2
>
>An alternative to WCCP is to do real routing, we have an example for a
>2501 here:
>http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
>
>
>For the troubleshooting;
> * There is no indication in the cache.log that the cisco or Squid are in
>contact with each other. Check the cisco wccp information to see if it's
>got any knowledge of Squid.
> * check if requests are getting into Squid. access.log should have
>records of every request attempt made, even failed ones.
> * the 'usual' problem when this behaviour is seen is that packets going
>from squid get looped back somewhere strange. They are supposed to get a
>free pass out to the Internet. Whether or not they go back to the cisco to
>do so is optional.
>
>
>Squid by default will hold off sending its HERE_I_AM message to the cisco
>until the cache has been fully loaded and Squid is actually ready for
>service. If you have a large cache (GB) wccp2_rebuild_wait can make it not
>wait, but you will see degraded service until the cache is available.
>

Thanks. After spending a lot of time with wccp and trying the tutorial on
Squid's wiki, I think I have given up. It "seems" to work before I play
around with my iptables. I say seems because I can actually see gre
traffic on the squid server and I see wccp packets being sent to the squid
server on the cisco router, but I am not sure if this is actually working
though. Is there a way I can actually check squid logs to see if it's
getting anything? For some reason I don't have an access.log. I have an
access.log.1, but not an access.log.

When I put this in:
iptables -t nat -A PREROUTING -i gre1 -p tcp --dport 80 -j REDIRECT --to-port 3129
It seems to break it and I'm left with the same problem I had before.

I then tried the routing method you have posted. I configured my cisco
router word for word and it doesn't seem to be working. I have a
Dansguardian filter and I can see that traffic is obviously not going
through the filter. Shouldn't this method work just like the sonicwall
method that is working for me? Essentially it's just routing traffic to my
proxy server. I don't understand how this is so hard for me.

Thanks for your time!

-Chris
___________________________
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY 12303
518-836-2341
Received on Thu Sep 09 2010 - 21:21:18 MDT
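
Added example, not part of the original post or of Squid: one way to check whether intercepted traffic is actually reaching Squid, by comparing the packet counter on the gre1 REDIRECT rule (as printed by `iptables-save -c -t nat`, which writes the option as `--to-ports`) with the request records in access.log. The function names and the sample rule and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.
# Real use (as root; the log path depends on your install):
#   iptables-save -c -t nat | redirect_hits
#   log_requests < /path/to/squid/access.log

# Packet counter of the gre1 port-80 REDIRECT-to-3129 rule, read from
# `iptables-save -c -t nat` output on stdin. Prints 0 if the rule is absent.
redirect_hits() {
    awk '/-A PREROUTING/ && /-i gre1 / && /--dport 80 / && /-j REDIRECT/ && /--to-ports 3129( |$)/ {
             p = $1; sub(/^\[/, "", p); sub(/:.*$/, "", p); n += p
         }
         END { print n + 0 }'
}

# Number of request records (result code in field 4) in a native-format
# Squid access.log read from stdin.
log_requests() {
    awk '$4 ~ /^TCP_/ { n++ } END { print n + 0 }'
}

# Map the two counters to the stage of the interception path to look at.
# $1 = REDIRECT rule packets, $2 = access.log request records
diagnose() {
    if [ "$1" -eq 0 ]; then
        echo "no-redirect-hits"      # port-80 packets never matched the gre1 rule
    elif [ "$2" -eq 0 ]; then
        echo "not-logged-by-squid"   # rule matched, but Squid logged no requests
    else
        echo "intercepting"          # requests logged; next check Squid's outbound path
    fi
}

# Constructed sample: only the first rule is the gre1 port-80 redirect.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [310:21400]
[42:2520] -A PREROUTING -i gre1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
[7:420] -A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3129
COMMIT'

# Constructed sample access.log records (documentation IP ranges).
SAMPLE_LOG='1284067529.123     45 192.0.2.10 TCP_MISS/200 1523 GET http://example.com/ - DIRECT/198.51.100.7 text/html
1284067530.456      2 192.0.2.11 TCP_HIT/200 880 GET http://example.com/logo.png - NONE/- image/png'

hits=$(printf '%s\n' "$SAMPLE_RULES" | redirect_hits)
reqs=$(printf '%s\n' "$SAMPLE_LOG" | log_requests)
echo "redirect packets=$hits squid requests=$reqs -> $(diagnose "$hits" "$reqs")"
```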
