>> I've been trying to do the same and with Joe's latest mail on the subject
>> I'm able to get traffic redirected (to my Squid?) but nothing happens. Squid
>> sees no redirected traffic. My router can see Squid, it can ping the
>> gre-tunnel's ip address, I have the iptables redirect command and my
>> Squid is compiled with netfilter-support.
>Did you enable routing (packet forwarding) on Linux?
Yep. I've done this, in this order:
1. Configure WCCP on the cisco router (IOS 12.0(7)XE1)
2. echo 1 >/proc/sys/net/ipv4/ip_forward
3. modprobe ip_gre
4. iptunnel add gre1 mode gre remote <remote-ip> local <local-ip> dev eth0
- <remote-ip> is cisco's primary ip on the vlan <local-ip> is connected
- I have also tried the primary address of the vlan that is connected to the internet
(ip wccp web-cache redirect out)
5. ifconfig gre1 <local-ip> netmask <mask> up
- local-ip is on the same subnet as the eth0 ip and accessible from the router
6. Configure Squid (wccp_router <remote-ip>, other wccp options commented out)
- I have also tried configuring wccp_outgoing_address to <local-ip>
7. iptables -t nat -I PREROUTING -d 0/0 -i gre1 -p tcp --dport 80 -j REDIRECT --to-port 800
8. Restart Squid
My Cisco says:
    WCCP Cache-Engine information:
        IP Address:            <local-ip>
        Protocol Version:      0.4
        State:                 Usable
        Initial Hash Info:     00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:        256 (100.00%)
        Packets Redirected:    8
        Connect Time:          00:05:48
If I try to connect anywhere nothing happens, "unable to connect to remote host".
My 'iptables -L -t nat -v' shows:
    Chain PREROUTING (policy ACCEPT 204700 packets, 15727746 bytes)
     pkts bytes target     prot opt in     out     source       destination
        0     0 REDIRECT   tcp  --  gre1   any     anywhere     anywhere     tcp dpt:http redir ports 800
So packets seem to disappear somewhere. It can't be this hard, I must be missing something annoyingly obvious... I have also tried adding a rule to redirect everything going to port 80 to port 800. I have another Squid on a 2.2 kernel machine but I haven't tried these actions there yet.
Behave,
Mika A, ATK-Keskus
Kymenlaakso Polytechnic
Received on Wed Sep 26 2001 - 13:24:28 MDT
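
The comparison made by hand in the message above (the router's "Packets Redirected" counter against the packet counter of the REDIRECT rule on gre1), as an added shell example that is not part of the original message. The sample text is constructed in the shape of the quoted output, 192.0.2.10 is a placeholder address, and the function names and result labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example. Sample text is constructed, shaped like the output quoted above;
# 192.0.2.10 is a placeholder address.
ROUTER_SAMPLE='IP Address: 192.0.2.10
State: Usable
Packets Redirected: 8'

NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 204700 packets, 15727746 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- gre1 any anywhere anywhere tcp dpt:http redir ports 800'

# Print the router's "Packets Redirected" counter (empty if the line is absent).
router_redirected() {
    printf '%s\n' "$1" | awk -F': *' '/Packets Redirected/ { print $2 + 0; exit }'
}

# Print the packet counter of the REDIRECT rule whose input interface is $2,
# or "norule" if no such rule is listed. Feed it "iptables -t nat -L -v -x"
# output so large counters are not abbreviated (12K, 3M).
rule_hits() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $3 == "REDIRECT" && $6 == ifc { print $1 + 0; found = 1; exit }
        END { if (!found) print "norule" }'
}

# Compare both counters and name the point where they diverge.
# $1 = router output, $2 = nat table listing, $3 = tunnel interface (default gre1)
wccp_gap() {
    sent=$(router_redirected "$1")
    hits=$(rule_hits "$2" "${3:-gre1}")
    if [ -z "$sent" ]; then
        echo "no-router-counter"
    elif [ "$hits" = "norule" ]; then
        echo "no-redirect-rule"
    elif [ "$sent" -eq 0 ]; then
        echo "router-not-redirecting"
    elif [ "$hits" -eq 0 ]; then
        echo "not-reaching-rule"   # router sent packets, none matched on the tunnel
    else
        echo "rule-matching"
    fi
}

wccp_gap "$ROUTER_SAMPLE" "$NAT_SAMPLE"
```

For the counters quoted in the message (8 redirected, 0 matched) this prints not-reaching-rule, which only says the redirected packets never matched the rule on gre1, not why.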