Hi Nigel,
I have just upgraded all my Redhat 7.2 Squid servers to Fedora FC3, and
I have WCCP working fine.
It sounds like you have the squid wccp bit done ok - that's what does
the hello stuff. - check your output from debug ip icmp on your router -
if you're getting protocol unreachable, the problem is your wccp
interception at the kernel on your squid box.
I backed the kernel down to 2.6.8, only because that is what the wccp
module had been supposedly written for. You shouldn't need to play
around with sysctl settings, although you might need to switch off ECN
if on and your testing indicates a need.
I've never used ip_gre, only the ip_wccp module:
Download the ip_wccp.c module from the Squid FAQ into /var/tmp
echo 'obj-m := ip_wccp.o' > Makefile
make -C /usr/src/linux M=$PWD V=1 modules
cp ip_wccp.ko /lib/modules/2.6.8/kernel/net/ipv4
edit modules dep file (vi /lib/modules/2.6.8/modules.dep) and add the
following line:
/lib/modules/2.6.8/kernel/net/ipv4/ip_wccp.ko:
modprobe ip_wccp
Squid config fragment:
wccp_version 4
wccp_router 10.129.110.251
snmp_port 3401
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Cisco config:
ip wccp web-cache redirect-list 100
ip wccp version 1
ip cef
interface fa0/0
! facing the firewall
ip wccp web-cache redirect out
no ip redirects
ip route-cache same-interface
interface fa0/1
! facing the internal network
! don't classify internal traffic
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
! classify internet bound traffic
access-list 100 permit 10.0.0.0 0.255.255.255 any
access-list 100 deny ip any
IPtables config:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT \
--to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT \
--to 127.0.0.1:3128
Hope that something in the above sorts your problem, otherwise let me
know and I will send you my (tediously long) build log which I wrote for
the non-linux guys here.
Regards
Philip Damian-Grint
CCNP
Infrastructure Team
Business Systems & IT
Colliers CRE
Tel. +44(0)20 7487 1928
Fax. +44(0)20 7487 1671
Confidentiality Notice
This communication and the information it contains:
(a) is intended for the person(s) or Organisation(s) named above and for no other persons or organisations and,
(b) may be confidential, legally privileged and protected by law.
Unauthorised use, copying or disclosure of any of it may be unlawful.
When addressed to our clients any opinions or advice contained in this e-mail are subject to CCRE's terms and conditions of business notified to the client or expressed in the governing client engagement letter.
If you receive this communication in error, please notify us immediately, destroy any copies and delete it from your computer system.
Received on Fri May 20 2005 - 10:16:06 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT