[squid-users] Squid 3.1 with Tproxy and WCCP on Cisco 3550

From: mudasirmirza <mudasirmirza_at_gmail.com>
Date: Mon, 28 Oct 2013 12:33:50 -0700 (PDT)


I am working on setting up Squid 3.1 with Tproxy using WCCP on Cisco 3550.

Configs that I am using is below

Router and Proxy both are on Public IPs, traffic coming in from clients are
also Public IP
But for some reason the Router Identifier IP is showing as Local IP which is
being used to access router from local network.

[root_at_proxy squid]# cat squid.conf
##start of config

http_port 3127 tproxy

icp_port 3130
icp_query_timeout 5000

pid_filename /var/run/squid-3127.pid
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.local
unique_hostname proxy.local
cache_mgr noc_at_proxy.local

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds

acl localnet src X.X.X.X/X # Public IP range for clients
acl squidlocal src

uri_whitespace strip
request_header_max_size 120 KB
cache_mem 8 GB
maximum_object_size_in_memory 1 MB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
max_filedesc 65500

cache_dir aufs /cache1 850000 64 256 max-size=20971520
cache_dir aufs /cache2 850000 64 256 max-size=20971520
cache_dir aufs /cache3 850000 64 256 max-size=20971520
cache_dir aufs /cache4 850000 64 256 max-size=20971520

minimum_object_size 512 bytes
maximum_object_size 100 MB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# No redirector configured

wccp2_rebuild_wait off
wccp2_forwarding_method 2
wccp2_return_method 1
wccp2_assignment_method 1
# Setup some default acls
acl all src all
acl localhost src
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 3127
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet
http_access allow squidlocal

# Default block all to be sure
http_access deny all

qos_flows local-hit=0x30
qos_flows sibling-hit=0x31
qos_flows parent-hit=0x32

##end of config

*Router config related to WCCP*

Switch-3550#sh ru
ip wccp web-cache

interface FastEthernet0/15
 description PPTP-Server
 no switchport
 ip address X.X.X.X
 ip wccp web-cache redirect in

interface GigabitEthernet0/2
 description ***Squid-Proxy***
 no switchport
 ip address X.X.X.X

Switch-3550#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:
        Protocol Version: 2.0

    Service Identifier: web-cache
        Number of Service Group Clients: 0
        Number of Service Group Routers: 0
        Total Packets s/w Redirected: 0
          Process: 0
          CEF: 0
        Redirect access-list: -none-
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0
        Total Bypassed Packets Received: 0


As I am new to WCCP with Squid, I do not know a great detail of configuring
WCCP and Squid.

With above config, I do not see any traffic being redirected to squid.

Any help is greatly appreciated.

Mudasir Mirza

View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-1-with-Tproxy-and-WCCP-on-Cisco-3550-tp4662987.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Mon Oct 28 2013 - 19:34:30 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 29 2013 - 12:00:06 MDT