[squid-users] Squid and WCCP2 with cisco 1800 series router

From: Tux Mason <tuxmason_at_gmail.com>
Date: Sun, 22 May 2011 00:57:01 +0300

Hello,

I am having trouble getting WCCP2 to work with a Cisco 1800 series router.

The problem I have noticed is traffic sent to the squid box with a
private IP. The output of netstat:

netstat -ntlpua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 SQUID_PUBLIC_IP:3128      0.0.0.0:*               LISTEN      17232/(squid)
tcp        0      0 SQUID_PUBLIC_IP:3128      10.10.10.2:59504        SYN_RECV    -
tcp        0      0 SQUID_PUBLIC_IP:3128      10.10.10.2:59505        SYN_RECV    -
tcp        0      0 SQUID_PUBLIC_IP:3128      10.10.10.2:51024        SYN_RECV    -
udp        0      0 SQUID_PUBLIC_IP:2048      ROUTER_PUBLIC_IP:2048   ESTABLISHED 17232/(squid)

Below are my configurations

Router:
!
ip wccp web-cache redirect-list 120 group-list 2
!
interface FastEthernet0/0
description LAN Gateway
ip address 10.10.10.1 255.255.255.0
ip wccp web-cache redirect in
...
!
interface FastEthernet0/1
description Internet Uplink
ip address <ROUTER_PUBLIC_IP>
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit <SQUID_PUBLIC_IP>
access-list 120 deny   ip host <SQUID_PUBLIC_IP> any
access-list 120 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 120 deny   ip any any
!

Squid Box:
----------------------------- /etc/squid/squid.conf --------
http_port 41.221.49.249:3128 intercept
wccp2_router <ROUTER_PUBLIC_IP>
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
wccp_version 2
...
----------------------------End squid.conf ------------------

---------------------------Network settings ----------------
/sbin/ip link set wccp0 mtu 1476
/sbin/ip tunnel add wccp0 mode gre remote <ROUTER_IP_PUBLIC_IP> local <SQUID_PUBLIC_IP> eth0
/sbin/ip addr add <SQUID_PUBLIC_IP> dev wccp0
/sbin/ip link set wccp0 up
/sbin/sysctl -w net.ipv4.conf.wccp0.rp_filter=0
/sbin/sysctl -w net.ipv4.conf.eth0.rp_filter=0
----------------------------End network -----------------------------

How can I get the router to send traffic using the public IP instead
of the private IP?

Any help will be greatly appreciated as this has had me plastered for
a while now.

Daniel
Received on Sat May 21 2011 - 21:57:08 MDT