Re: [squid-users] tproxy configuration

From: Eliezer Croitoru <>
Date: Fri, 20 Jul 2012 02:04:05 +0300

On 7/20/2012 12:35 AM, Wayne Lee wrote:
> Sent from my iPad
> On 19 Jul 2012, at 19:58, Eliezer Croitoru <> wrote:
>> On 7/17/2012 6:01 PM, Wayne Lee wrote:
< SNIP >
>> if the packets are not diverted into squid there is something wrong with your setup.
>> if you post your squid config, routes and iptables i might be able to help you.
>> for me squid works with either tproxy\dnat\redirect + wccp or with basic routing rules.
>> Regards,
>> Eliezer
>> --
>> Eliezer Croitoru
>> IT consulting for Nonprofit organizations
>> eliezer <at>
> Hello
> I followed your guide on this post although I swapped the wccp redirect statements around
> You had
> ip wccp 80 redirect out
> ip wccp 90 redirect in
> I changed it to
> ip wccp 90 redirect in
> ip wccp 80 redirect out
> No traffic was being redirected down the wccp until I changed it. Everything else was as you posted. Packets were not being diverted or tproxy'ed into squid which has been my issue all along. I'm happy to set it up that way again and provide whatever debug output required as I would prefer the wccp for failover purposes. Any/all help and guidance is appreciated.
> Regards
> Wayne
well the order doesn't matter because it's evaluated based on the "IN" and
"OUT" status.
so in any case, whether you put it in before or after 90, the check won't be
applied as "IN" on "OUT".
it's a one-way check.

anyway i'm happy it works well for you.
i wrote a wiki page about how to set it up with a very nice diagram of
the topology at:

i was thinking about people who run a web cache with a linux router and
not a Cisco device.
They do not have this kind of solution so i was thinking of writing
some scripts and a small pair of daemons.
one for the linux router and the other for the cache servers.
it will manage packet marking on the iptables "PREROUTING" table with maybe
some additional dynamic tables.

and the other on the squid box to identify that it is still there and

based on wccp methods it's pretty simple to implement.
wccp is a "binary" protocol while i was thinking to implement it based
on text + basic encryption option.

i already wrote a nice pair of helpers that check if a cache peer is
running and well.
so it's only a matter of signaling the current status from the cache to
the router every specific predefined interval and making sure that the
settings are intact.

this guy wrote POTATO:

with a web interface and stuff for load balancing a couple of DSL lines.
the idea is kind of the same and i think i can make it useful.


Eliezer Croitoru
IT consulting for Nonprofit organizations
eliezer <at>
Received on Thu Jul 19 2012 - 23:04:14 MDT
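
The cache-to-router status signaling proposed in the message above, sketched as an added example that is not part of the original post and not the author's helpers. The line layout, the 10-second interval and the per-cache keys are assumptions, and HMAC-SHA256 authentication with a freshness window stands in for the post's unspecified "basic encryption option", so that a spoofed or replayed status line cannot keep traffic diverted to a dead cache.

```python
import hashlib
import hmac

# Assumed, not from the post: line layout, 10 s interval, per-cache shared keys.
INTERVAL = 10               # seconds between heartbeats
DEAD_AFTER = 3 * INTERVAL   # drop a cache after three missed intervals


def build_heartbeat(key, cache_id, seq, now, status):
    """Cache side: one text line, authenticated with HMAC-SHA256."""
    body = f"HB {cache_id} {seq} {now} {status}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body} {mac}"


class Router:
    """Router side: verify heartbeats, track which caches may receive traffic."""

    def __init__(self, keys):
        self.keys = keys    # cache_id -> shared key
        self.peers = {}     # cache_id -> (last_seq, last_seen, status)

    def receive(self, line, now):
        parts = line.split(" ")
        if len(parts) != 6 or parts[0] != "HB":
            return False
        cache_id, seq, ts, status, mac = parts[1:]
        key = self.keys.get(cache_id)
        if key is None:
            return False                         # unknown cache
        body = " ".join(parts[:5]).encode()
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False                         # forged or altered line
        if not (seq.isdecimal() and ts.isdecimal()):
            return False
        if abs(now - int(ts)) > INTERVAL:
            return False                         # outside the freshness window
        if int(seq) <= self.peers.get(cache_id, (-1, 0, ""))[0]:
            return False                         # replayed or reordered
        self.peers[cache_id] = (int(seq), now, status)
        return True

    def live_peers(self, now):
        """Caches that packet marking should still divert traffic to."""
        return sorted(c for c, (_, seen, st) in self.peers.items()
                      if st == "OK" and now - seen <= DEAD_AFTER)
```

The router side would add or remove its marking rules from the result of `live_peers()`; that step is left out because the post does not specify the rules.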
