Hello anyone,
I am trying to get Squid 3.1 to work with CentOS 5.5 and Cisco ASA using WCCP.
The ASA has the cache session established. I see traffic on the CentOS box on eth0 (gre traffic) and I see traffic on the gre1 interface (raw client traffic).
Take a look at the following:
[root_at_squidbox ~]#iptables -t nat -L -v
bytes target prot opt in out source destination
741 41532 DNAT tcp -- gre1 any anywhere anywhere tcp dpt:http to:0.0.0.0:3129
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
20 1952 MASQUERADE all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 20 packets, 1952 bytes)
pkts bytes target prot opt in out source destination
[root_at_squidbox ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:13:72:FA:45:EB
inet addr:172.23.1.2 Bcast:172.23.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14361 errors:0 dropped:0 overruns:0 frame:0
TX packets:675 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1467426 (1.3 MiB) TX bytes:95311 (93.0 KiB)
Interrupt:169 Memory:f8000000-f8012800
gre1 Link encap:UNSPEC HWaddr AC-17-01-02-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:1.2.3.4 P-t-P:1.2.3.4 Mask:0.0.0.0
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:5884 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:326353 (318.7 KiB) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1701 errors:0 dropped:0 overruns:0 frame:0
TX packets:1701 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2704276 (2.5 MiB) TX bytes:2704276 (2.5 MiB)
[root_at_squidbox ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter
0
[root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/eth0/rp_filter
0
[root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/gre1/rp_filter
0
The problem I have is that the Squid Proxy does not ever seem to receive the traffic forwarded to it by iptables. The proxy is listening on 0.0.0.0:3129, but a debug results in "Engine is idle".
Any help at all would be great. I do not just want to walk away from this one.
Received on Tue Apr 19 2011 - 18:35:25 MDT