Re: [squid-users] Squid and WCCP2 with cisco 1800 series router

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 22 May 2011 14:50:05 +1200

On 22/05/11 09:57, Tux Mason wrote:
> Hello,
>
> Am having trouble getting WCCP2 to work with a Cisco 1800 series router.
>
> The problem I have noticed is traffic sent to the squid box with a
> private IP. The output of netstat:
>
> netstat -ntlpua
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> tcp 0 0 SQUID_PUBLIC_IP:3128 0.0.0.0:*
> LISTEN 17232/(squid)
> tcp 0 0 SQUID_PUBLIC_IP:3128 10.10.10.2:59504
> SYN_RECV -
> tcp 0 0 SQUID_PUBLIC_IP:3128 10.10.10.2:59505
> SYN_RECV -
> tcp 0 0 SQUID_PUBLIC_IP:3128 10.10.10.2:51024
> SYN_RECV -
> udp 0 0 SQUID_PUBLIC_IP:2048 ROUTER_PUBLIC_IP:2048
> ESTABLISHED 17232/(squid)
>
>
> Below are my configurations
>
> Router:
> !
> ip wccp web-cache redirect-list 120 group-list 2
> !
> interface FastEthernet0/0
> description LAN Gateway
> ip address 10.10.10.1 255.255.255.0
> ip wccp web-cache redirect in
> ...
> !
> interface FastEthernet0/1
> description Internet Uplink
> ip address <ROUTER_PUBLIC_IP>
> !
> ip nat inside source list 1 interface FastEthernet0/1 overload
> !
> access-list 1 permit 10.10.10.0 0.0.0.255
> access-list 2 permit <SQUID_PUBLIC_IP>
> access-list 120 deny ip host <SQUID_PUBLIC_IP> any
> access-list 120 permit tcp 10.10.10.0 0.0.0.255 any eq www
> access-list 120 deny ip any any
> !
>
> Squid Box:
> ----------------------------- /etc/squid/squid.conf --------
> http_port 41.221.49.249:3128 intercept
> wccp2_router <ROUTER_PUBLIC_IP>
> wccp2_forwarding_method gre
> wccp2_return_method gre
> wccp2_service standard 0
> wccp_version 2
> ...
> ----------------------------End squid.conf ------------------
>
> ---------------------------Network settings ----------------
> /sbin/ip link set wccp0 mtu 1476
> /sbin/ip tunnel add wccp0 mode gre remote <ROUTER_IP_PUBLIC_IP> local
> <SQUID_PUBLIC_IP> eth0
> /sbin/ip addr add <SQUID_PUBLIC_IP> dev wccp0
> /sbin/ip link set wccp0 up
> /sbin/sysctl -w net.ipv4.conf.wccp0.rp_filter=0
> /sbin/sysctl -w net.ipv4.conf.eth0.rp_filter=0
> ----------------------------End network -----------------------------
>
> How can I get the router to send traffic using the public IP instead
> of the private IP?

Looks to be perfectly working.

You seem to mistake how WCCP works. It is a tunnel, where the HTTP
packets entering the Cisco router get sent *unchanged* to the Squid box
for handling. Exactly as if you had plugged the Squid box in as a second
router or bridge between the Cisco and clients.

Don't worry about it. The global connections will go back to the
Cisco with the Squid box IP and then go through whatever border NAT you
have in place. The private client IP will never touch the global
Internet directly.

As it stands you can track the internal LAN PC behaviour directly from
the Squid logs without having to record and look up NAT conversions after
the fact.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Sun May 22 2011 - 02:50:17 MDT
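
Added example (not part of the original message or of Squid's code): a Python parser for the encapsulation described in the reply, run on a constructed WCCP2 GRE-redirected packet to show that the client's private source address arrives unchanged inside the tunnel. The 192.0.2.x and 198.51.100.80 addresses are constructed stand-ins for the router, the Squid box and an origin server; it assumes a basic GRE header with no optional fields followed by the 4-byte WCCPv2 redirect header.

```python
import socket
import struct

WCCP2_GRE_PROTO = 0x883E  # GRE protocol type used for WCCP redirects

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_frame():
    """Constructed packet: router -> Squid GRE tunnel carrying a client SYN."""
    tcp = struct.pack("!HHIIHHHH", 59504, 80, 1, 0, (5 << 12) | 0x002, 65535, 0, 0)
    inner = ipv4_header("10.10.10.2", "198.51.100.80", 6, len(tcp)) + tcp
    gre = struct.pack("!HH", 0, WCCP2_GRE_PROTO) + bytes(4)  # GRE + redirect header
    return ipv4_header("192.0.2.1", "192.0.2.10", 47, len(gre) + len(inner)) + gre + inner

def parse_wccp2_gre(frame):
    """Return outer and inner addresses of a WCCP2 GRE-redirected IPv4 packet."""
    ihl = (frame[0] & 0x0F) * 4
    if frame[9] != 47:
        raise ValueError("outer packet is not GRE (IP protocol 47)")
    flags_ver, gre_proto = struct.unpack("!HH", frame[ihl:ihl + 4])
    if gre_proto != WCCP2_GRE_PROTO:
        raise ValueError("GRE payload is not a WCCP redirect")
    if flags_ver != 0:
        raise ValueError("optional GRE fields are not handled in this example")
    # Skip the 4-byte GRE header and the 4-byte WCCPv2 redirect header.
    inner = frame[ihl + 8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {
        "outer_src": socket.inet_ntoa(frame[12:16]),   # the router
        "outer_dst": socket.inet_ntoa(frame[16:20]),   # the Squid box
        "inner_src": socket.inet_ntoa(inner[12:16]),   # the LAN client, untouched
        "inner_dst": socket.inet_ntoa(inner[16:20]),   # the origin server
        "inner_sport": sport,
        "inner_dport": dport,
    }

if __name__ == "__main__":
    for key, value in parse_wccp2_gre(sample_frame()).items():
        print(f"{key:12} {value}")
```
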
