Re: [squid-users] WCCP Howto RHEL3.1 w/ 2.4.x kernel

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 14 Nov 2006 11:14:57 +0100

Tue 2006-11-14 at 14:53 +0800, Adrian Chadd wrote:
> On Mon, Nov 13, 2006, Chad Harrelson wrote:
> > Thanks Adrian, however, I have a requirement to make this work on
> > my current version of squid (2.5) so WCCP v.1 will have to do.
>
> Ah. Grr, Redhat needs to test and upgrade their Squid packages already.

There are unofficial current "bleeding edge" RHEL Squid packages
available from RedHat, or more precisely from the Squid package
maintainer at RedHat. The URL can be found in the squid-users archives.

> I've done it for each interface just in case.

I know for certain from both theory and practice that it's sufficient to
disable rp_filter on the created gre tunnel interface.

Here is an example script setting up all networking level parameters
needed for WCCP/WCCP2 using ip_gre:

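#!/bin/sh
# Set this to the public/primary IP of the WCCP router
ROUTER=10.0.0.1

# Reset the nat table and create an INTERCEPT chain that PREROUTING jumps to
iptables-restore <<EOF
*nat
:INTERCEPT -
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A PREROUTING -j INTERCEPT
COMMIT
EOF

# Remove any tunnel left over from a previous run
ip link set wccp down 2>/dev/null
ip tunnel del wccp 2>/dev/null

# Create the GRE tunnel to the router, using the first IPv4 address on eth0
ipaddr=`/sbin/ip addr show dev eth0 | awk '/inet / {print $2}'`
ip=`echo $ipaddr | cut -d/ -f1`
ip tunnel add wccp dev eth0 mode gre remote $ROUTER
ip addr add $ip/32 dev wccp

# Disable reverse-path filtering on the tunnel only, and enable forwarding
echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
ip link set wccp up

# Redirect TCP traffic arriving over the tunnel to local port 3128
iptables -t nat -F INTERCEPT
iptables -t nat -A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
#END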

This script assumes the WCCP router is on the eth0 interface. Modify as
needed if your network layout is different.

Regards
Henrik
Received on Tue Nov 14 2006 - 03:15:02 MST
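
An added example, not part of Henrik's message: a read-only check of the state the script above should leave behind (rp_filter off on the wccp tunnel only, ip_forward on, the INTERCEPT redirect in place). The function names and the saved-rules file argument are assumptions of this example; it also assumes the behaviour of kernels since 2.6.31, which apply the larger of conf/all and conf/<interface> rp_filter.

```shell
#!/bin/sh
# Added example (not from the original post): audit the state the setup
# script leaves behind. The proc root is a parameter so the check can also be
# run against a saved copy; the rules file holds `iptables-save -t nat` output.

# Effective rp_filter for an interface. Kernels since 2.6.31 use the maximum
# of conf/all and conf/<iface>, so conf/all can undo a per-interface 0.
effective_rp_filter() {   # $1 = proc root, $2 = interface
    all=$(cat "$1/sys/net/ipv4/conf/all/rp_filter" 2>/dev/null || echo 0)
    dev=$(cat "$1/sys/net/ipv4/conf/$2/rp_filter" 2>/dev/null) || return 2
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

wccp_audit() {            # $1 = proc root (default /proc), $2 = saved nat rules
    proc=${1:-/proc}; rules=$2; bad=0
    rp=$(effective_rp_filter "$proc" wccp) || { echo "FAIL: no wccp interface"; return 1; }
    [ "$rp" = 0 ] || { echo "FAIL: effective rp_filter on wccp is $rp"; bad=1; }
    [ "$(cat "$proc/sys/net/ipv4/ip_forward")" = 1 ] || { echo "FAIL: ip_forward is off"; bad=1; }
    grep -q -- '^-A PREROUTING -j INTERCEPT' "$rules" ||
        { echo "FAIL: PREROUTING does not jump to INTERCEPT"; bad=1; }
    grep -Eq -- '^-A INTERCEPT -i wccp -p tcp .*-j REDIRECT --to-ports 3128' "$rules" ||
        { echo "FAIL: no REDIRECT to 3128 for -i wccp"; bad=1; }
    # Reverse-path filtering should stay enabled everywhere except the tunnel.
    for d in "$proc"/sys/net/ipv4/conf/*; do
        i=${d##*/}
        case $i in all|default|lo|wccp) continue ;; esac
        [ "$(cat "$d/rp_filter")" != 0 ] || echo "WARN: rp_filter disabled on $i"
    done
    [ "$bad" = 0 ] && echo "OK"
    return "$bad"
}
```

On a live system, save the rules first with `iptables-save -t nat > /tmp/nat.rules` and call `wccp_audit /proc /tmp/nat.rules`.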
