Re: WCCP v1 + Squid 2.5S9 + kernel 2.6.5 problem

From: Reuben Farrelly <reuben-squid-dev@dont-contact.us>
Date: Thu, 24 Mar 2005 18:48:43 +1200

Hi,

At 04:17 p.m. 24/03/2005, Muthukumar wrote:
>Dear Dev Team,
>
>I have a problem in configuring the WCCP v1 + Squid 2.5S9 + kernel 2.6.5.
>The following is our configurations and settings. The Squid
>machine and the router are communicating with the WCCP packets as I get
>the UDP 2048 packets to and fro between the router and the
>squid. Please let me know if we missed out anything.
>
> --------------
> 203.157.193.81 -- Router with wccp v1 IOS 12.2
> --------------

What version particularly? Is it a 12.2 GD release? Not every release of
IOS works well with WCCP, so I advise you to run a GD release and not a T
or LD release. I have found that certain releases work, then the next
release will break with certain other combinations of new features, etc.

>                      |
>                      |
>                      |
>                      |
> -------------------------------------------
> |                    |                    |
> |                    |                    |
> |                    |                    |
>203.157.193.82   203.157.193.89   203.157.193.85
>   (squid)          (client)        (My system)
>
>
>
>Router ip: 203.157.193.81
>cache system: 203.157.193.82
>Squid version: 2.5stable9
>
>Linux Kernel Version 2.6.5

This is very old. If you are running 2.6.10 or better (I suggest 2.6.11)
then the WCCP/GRE support is built into ip_gre. In addition, you'll pick
up many security and performance fixes.

>First used the kernel with ip_gre enabled and compiled
>Second time used the ip_wccp patch from squid-cache.org site.
>and compiled the kernel with ip_gre and ip_wccp enabled
>
>used
>
>modprobe ip_gre
>modprobe ip_wccp

You should only load one of these, not both. I suggest just ip_gre under
Linux, simply because if you are using a recent version of the kernel, you
will not need to patch or compile any external (non in-kernel) modules such
as ip_wccp.

>/etc/sysctl.conf
>
>net.ipv4.ip_forward = 1
>net.ipv4.conf.default.rp_filter = 0
>kernel.sysrq = 0
>
>Executed "sysctl -p"
>
>Squid.conf
>---------
>
>wccp_version 4
>wccp_router 203.157.193.81
>
>http_port 3128
>
>-------------------
>
>In squid machine (203.157.193.82)
>
>
>
>iptunnel add gre1 mode gre remote 203.157.193.81 local 203.157.193.82 dev eth0
>ifconfig gre1 127.0.0.2 up
>iptables -t nat -A PREROUTING -d ! 203.157.193.82 -i gre1 -p tcp --dport
>80 -j DNAT --to 203.157.193.82:3128

Try:

iptables -t nat -A PREROUTING -d ! 203.157.193.82 -p tcp --dport 80 -j DNAT \
    --to 203.157.193.82:3128

You may also want to expand your '!' section to include your local network,
as I assume you don't really want to redirect locally hosted content to
your cache.

>When I telnet visolve.com from the client system : 203.157.193.86 I get
>the following output in the tcpdump, but no entries in the
>access.log.
>I have also tried REDIRECT instead of DNAT, which failed.

I think you're already on the right track, just make some small changes.

Reuben
Received on Wed Mar 23 2005 - 23:48:59 MST
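
Added example, not part of the original messages or of the Squid project: a dry-run shell script for the two suggestions in the reply above (exclude local destinations from redirection, and load only one of ip_gre / ip_wccp). The function names and the 203.157.193.80/28 local network are assumptions; the script prints iptables commands instead of running them, and uses one exclusion rule per destination because a single rule can carry only one negated -d.

```shell
#!/bin/sh
# Added example; prints commands only, never runs iptables.

# wccp_nat_rules CACHE_IP PROXY_PORT [EXCLUDED_DEST...]
# Emits one exclusion rule per destination that must bypass the cache,
# then a single DNAT rule for all remaining port-80 traffic.
wccp_nat_rules() {
    [ "$#" -ge 2 ] || { echo "usage: wccp_nat_rules CACHE_IP PORT [NET...]" >&2; return 2; }
    cache_ip=$1
    proxy_port=$2
    shift 2
    # ACCEPT in nat/PREROUTING stops chain traversal, so the packet is
    # never rewritten. The cache's own address is always excluded.
    for dest in "$cache_ip" "$@"; do
        echo "iptables -t nat -A PREROUTING -p tcp --dport 80 -d $dest -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $cache_ip:$proxy_port"
}

# both_gre_modules_loaded: reads lsmod-style text on stdin and succeeds only
# when ip_gre and ip_wccp are both listed (the reply advises loading one).
both_gre_modules_loaded() {
    awk '$1 == "ip_gre" { gre = 1 } $1 == "ip_wccp" { wccp = 1 }
         END { exit !(gre && wccp) }'
}

# Cache address and proxy port are from the thread; the /28 local
# network is an assumed value for illustration.
wccp_nat_rules 203.157.193.82 3128 203.157.193.80/28

if [ -r /proc/modules ] && both_gre_modules_loaded < /proc/modules; then
    echo "warning: ip_gre and ip_wccp are both loaded; unload one" >&2
fi
```

Review the printed rules before applying them; order matters, since the exclusions must precede the DNAT rule in the chain.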
