Re: [squid-users] help needed on WCCP2 with squid 3.1.10

From: AZHAR CHOWDHURY <azhar_at_banglalion.com.bd>
Date: Sun, 17 Apr 2011 23:21:44 +0600

Hi Amos,
OK, it was my fault that I posted before running in a real network with
WCCP. We are running Squid+tproxy under Policy Based Routing without
any major trouble (please see below for the problems we are facing).
This week we will move Squid from PBR to WCCP. The mentioned example is
based on VLAN dot1q; let me dig into it with Cisco and I will raise it
if I face any problem.

1. If we run Squid with the default conf file, we get the cache host name in
"www.whatismyip.com"; to avoid that we added the following to the squid.conf
file:
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access All deny all

Now there is no cache/squid host name in "whatismyip.com", but in
hotmail/live.com's email service inbox no message opens; it shows
an error that another IP is accessing the same page.
I guess we need to add another "request_header_access" rule; any clue on it?
Is "http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html" the final
list of all headers?

2. What is a safe filedescriptors value I should use?

TIA,
Azhar

On Sun, Apr 17, 2011 at 9:01 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 17/04/11 05:14, AZHAR CHOWDHURY wrote:
>>
>> Hi,
>> I am following http://wiki.squid-cache.org/Features/Tproxy4 strictly
>> but failed to configure with CISCO router & WCCP2.
>>
>> My setup is as follows:
>>
>>     Clients PCs>-----------------------------[Core switch]-------->>-----------[Edge CISCO Router with WCCP2]--------------->Internet
>>                                                  ||
>>                            [Squid 3.1.10 with Fedora 14, iptables, tproxy]
>>
>> I can't configure the Cisco router with the following configuration as there
>> is no other interface there (only two, one connected with the core
>> internal switch and the rest with the internet).
>> Please help me.
>
> You have not stated anything about a problem. We cannot help unless we know
> what is going wrong.
>
> Finding the problem can be time consuming or tricky unless you are fairly
> familiar with TCP. The "Troubleshooting" section on the tproxy4 page has
> many hints about what can go wrong and how to find/resolve them.
>
>> =============================
>> interface GigabitEthernet0/3.100
>>  description ADSL customers
>>  encapsulation dot1Q 502
>>  ip address x.x.x.x y.y.y.y
>>  ip wccp 80 redirect in
>>  ip wccp 90 redirect out
>>
>> interface GigabitEthernet0/3.101
>>  description Dialup customers
>>  encapsulation dot1Q 502
>>  ip address x.x.x.x y.y.y.y
>>  ip wccp 80 redirect in
>>  ip wccp 90 redirect out
>>
>> interface GigabitEthernet0/3.102
>>  description proxy servers
>>  encapsulation dot1Q 506
>>  ip address x.x.x.x y.y.y.y
>>  ip wccp redirect exclude in
>> =====================
>>
>> Another question: how do I check that GRE is configured on Linux?
>
>  "ip link show"
>
> ... lists the active interfaces. GRE should be one of them when open.
>
>
> TPROXY and WCCP are relatively independent operations. Both equally
> troublesome and complex.
>
> It is worth checking that TPROXY is fully operational and working before
> adding WCCP tunneling on top to complicate things further.
>  You can test that by having the squid box as router for your workstation
> instead of the Cisco.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.6
>
Received on Sun Apr 17 2011 - 17:21:53 MDT
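
Added example, not part of the original message or of Squid: a small Python sketch that evaluates the request_header_access rules posted above in file order (first match wins, with All as the catch-all) and lists which headers of a browser request they strip. The sample request and the function names are constructed for illustration; only the "all" ACL is modelled, and Squid's grouping of unrecognised headers under Other is not.

```python
"""Which request headers does a request_header_access list strip?"""

# Header names allowed in the posted squid.conf, in the posted order.
POSTED_ALLOW = (
    "Allow Authorization WWW-Authenticate Proxy-Authorization "
    "Proxy-Authenticate Cache-Control Content-Encoding Content-Length "
    "Content-Type Date Expires Host If-Modified-Since Last-Modified "
    "Location Pragma Accept Accept-Charset Accept-Encoding Accept-Language "
    "Content-Language Mime-Version Retry-After Title Connection"
).split()
POSTED_CONF = "forwarded_for off\n" + "".join(
    f"request_header_access {name} allow all\n" for name in POSTED_ALLOW
) + "request_header_access All deny all\n"

# Constructed sample: header names a browser typically sends to a webmail site.
SAMPLE_REQUEST = ["Host", "User-Agent", "Accept", "Accept-Language",
                  "Accept-Encoding", "Referer", "Cookie", "Connection"]


def parse_rules(conf):
    """Return (header, action) pairs in file order; only the 'all' ACL is modelled."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts or parts[0] != "request_header_access":
            continue  # other directives (e.g. forwarded_for) are ignored here
        if len(parts) != 4 or parts[2] not in ("allow", "deny") or parts[3] != "all":
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((parts[1].lower(), parts[2]))
    return rules


def verdict(rules, header):
    """The first rule naming this header, or the catch-all 'All', decides."""
    for name, action in rules:
        if name in (header.lower(), "all"):
            return action
    return "allow"  # no matching rule: the header passes through


def stripped(conf, request_headers):
    """Headers from request_headers that the rules remove before forwarding."""
    rules = parse_rules(conf)
    return [h for h in request_headers if verdict(rules, h) == "deny"]


if __name__ == "__main__":
    print("removed from the sample request:", stripped(POSTED_CONF, SAMPLE_REQUEST))
```

Running the same check against a capture of the headers a failing site actually receives shows which of them the whitelist never lets through.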
