[squid-users] Cant get WCCPv2 to work with Ubuntu 12.04 and Cisco 831 SOHO

From: ciscokid <darrell.t.gray_at_gmail.com>
Date: Mon, 9 Jul 2012 14:33:24 -0700 (PDT)

  I have been trying to get WCCPv2 and Ubuntu to talk now for about 2 days
and it's driving me nuts! The GRE tunnel is established with my Cisco router
and I'm receiving TCP port 80 requests over it, but when tailing the message
log I never see anything in there. I confirmed I was getting the packets
using tcpdump on the wccp0 interface. I believe it is a NAT redirect issue,
but can't seem to figure out where. Please look at the following and let me
know if I am doing something wrong. Also, it works when I hard code my
browser to the Squid Proxy because I set up a test dstdomain and it blocked

Thanks in advance!

Ubuntu 12.04:

modprobe ip_gre
ip tunnel add wccp0 mode gre remote local dev eth0
ifconfig wccp0 netmask up
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT
echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE

Squid 3.1:
root_at_dude-AOA150:~# more /etc/squid3/squid.conf
http_port 3128 transparent

wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl manager url_regex -i ^cache_object:// +i

acl localhost src ::1
acl to_localhost dst ::1

acl localnet src # RFC 1918 possible internal network
acl localnet src # RFC 1918 possible internal network
acl localnet src # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl bad-sites dstdomain .nascar.com

http_access allow manager localhost
http_access deny bad-sites
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

Cisco 831:
mustang-gt#sh run int e0
Building configuration...

Current configuration : 288 bytes
interface Ethernet0
 description connection to lan
 ip address
 ip access-group internal-ingress in
 ip wccp web-cache redirect in
 no ip redirects
 no ip unreachables
 ip nat inside
 ip inspect inbound in
 ip virtual-reassembly
 load-interval 30

mustang-gt#sh run | i wccp
ip wccp web-cache redirect-list 120

Received on Mon Jul 09 2012 - 21:33:25 MDT

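
Added example, not part of the original post: two checks that apply to a WCCP/GRE interception host configured like the one above, run over constructed input. It relies on two Linux behaviours: the effective rp_filter of an interface is the maximum of the conf/all and per-interface values, and in the nat table the first matching rule with a terminating target decides the packet. The function names, the placeholder DNAT target 192.0.2.10:3128 and the conf/all value of 1 are assumptions, not values from the post.

```python
import shlex

# Constructed iptables-save style input (not from the post). Rule order follows
# the post; 192.0.2.10:3128 is a placeholder DNAT target because the post's
# addresses did not survive the archive.
SAMPLE_RULES = """\
-A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3128
-A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -j MASQUERADE
"""
# Constructed sysctl snapshot: eth0/wccp0 as set in the post; conf/all = 1 is
# an assumption, the post does not show it.
SAMPLE_RP_FILTER = {"all": 1, "eth0": 0, "wccp0": 0}

TERMINATING = {"DNAT", "REDIRECT", "SNAT", "MASQUERADE", "ACCEPT", "DROP"}

def effective_rp_filter(values, iface):
    """Linux validates sources with max(conf/all, conf/<iface>) rp_filter."""
    return max(values.get("all", 0), values.get(iface, 0))

def match_key(tokens):
    """Reduce a rule to (chain, in-iface, proto, dport); '-m tcp' adds nothing
    beyond '-p tcp' here, so it is ignored."""
    opts = {}
    for flag in ("-i", "-p", "--dport"):
        if flag in tokens:
            opts[flag] = tokens[tokens.index(flag) + 1]
    return (tokens[1], opts.get("-i"), opts.get("-p"), opts.get("--dport"))

def shadowed_rules(rules_text):
    """Return (winning target, shadowed target) pairs. The first matching rule
    with a terminating target decides the packet, so a later rule with the same
    match in the same chain never fires. Only identical matches are compared."""
    seen, shadowed = {}, []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A" or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        key = match_key(tokens)
        if key in seen:
            shadowed.append((seen[key], target))
        elif target in TERMINATING:
            seen[key] = target
    return shadowed

if __name__ == "__main__":
    for iface in ("eth0", "wccp0"):
        print(iface, "effective rp_filter =", effective_rp_filter(SAMPLE_RP_FILTER, iface))
    for winner, loser in shadowed_rules(SAMPLE_RULES):
        print(f"{loser} rule is never reached: {winner} matches the same packets first")
```

On a live host the same functions can be fed the output of `iptables-save -t nat` and the values read from /proc/sys/net/ipv4/conf/*/rp_filter.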