I have executed the script (the only changes I made were to the router
address and the iptables destination port; I run squid on port 80, so
I changed the script from 3128 to 80). The script executed
flawlessly, however WCCP does not appear to be working. The show
packets being redirected:
ISSR#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.169.1
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 47405
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
ISSR#
And it shows the ip address of my squid box:
ISSR#sh ip wccp web-cache view
WCCP Routers Informed of:
-none-
WCCP Cache Engines Visible:
150.125.125.114
WCCP Cache Engines NOT Visible:
-none-
ISSR#
But again, nothing in tcpdump and nothing in /var/log/squid/access.log
Any suggestions?
Thanks,
-- Chad
On 11/14/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> On Tue 2006-11-14 at 14:53 +0800, Adrian Chadd wrote:
> > On Mon, Nov 13, 2006, Chad Harrelson wrote:
> > > Thanks Adrian, however, I have a requirement to make this work on
> > > my current version of squid (2.5) so WCCP v.1 will have to do.
> >
> > Ah. Grr, Redhat needs to test and upgrade their Squid packages already.
>
> There are unofficial current "bleeding edge" RHEL Squid packages
> available from RedHat, or more precisely from the Squid package
> maintainer at RedHat. The URL can be found in the squid-users archives.
>
> > I've done it for each interface just in case.
>
> I know for certain from both theory and practice that it's sufficient to
> disable rp_filter on the created gre tunnel interface.
>
> Here is an example script setting up all networking level parameters
> needed for WCCP/WCCP2 using ip_gre:
>
> #!/bin/sh
> # Set this to the public/primary IP of the WCCP router
> ROUTER=10.0.0.1
> iptables-restore <<EOF
> *nat
> :INTERCEPT -
> :PREROUTING ACCEPT
> :POSTROUTING ACCEPT
> :OUTPUT ACCEPT
> -A PREROUTING -j INTERCEPT
> COMMIT
> EOF
>
> ip link set wccp down 2>/dev/null
> ip tunnel del wccp 2>/dev/null
>
> ipaddr=`/sbin/ip addr show dev eth0 | awk '/inet / {print $2}'`
> ip=`echo $ipaddr | cut -d/ -f1`
> ip tunnel add wccp dev eth0 mode gre remote $ROUTER
> ip addr add $ip/32 dev wccp
> echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
> echo 1 >/proc/sys/net/ipv4/ip_forward
> ip link set wccp up
>
> iptables -t nat -F INTERCEPT
> iptables -t nat -A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
> #END
>
> This script assumes the WCCP router is on the eth0 interface. Modify as
> needed if your network layout is different.
>
> Regards
> Henrik
>
>
Received on Tue Nov 14 2006 - 07:48:25 MST
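
A check for the state the quoted script is meant to leave behind, added here as an example and not part of either message or of Squid. Current Linux kernels apply the higher of conf/all/rp_filter and the per-interface value, so the check reports that effective value rather than the tunnel's setting alone. Assumptions: the tunnel interface is named wccp as in the script; PROC_ROOT, the function names and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example: report where a cache box differs from what the quoted
# WCCP/GRE script sets up. PROC_ROOT is a hypothetical override for testing.
PROC_ROOT=${PROC_ROOT:-/proc}

# Effective rp_filter for interface $1: max(conf/all, conf/<interface>).
effective_rp_filter() {
    all=$(cat "$PROC_ROOT/sys/net/ipv4/conf/all/rp_filter" 2>/dev/null) || return 2
    one=$(cat "$PROC_ROOT/sys/net/ipv4/conf/$1/rp_filter" 2>/dev/null) || return 2
    [ "$all" -gt "$one" ] && one=$all
    echo "$one"
}

# Read "iptables -t nat -S INTERCEPT" lines on stdin and print the
# --to-ports value of every REDIRECT rule bound to interface $1.
redirect_ports() {
    awk -v ifc="$1" '/-j REDIRECT/ {
        dev = ""; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") dev = $(i + 1)
            if ($i == "--to-ports") port = $(i + 1)
        }
        if (dev == ifc && port != "") print port
    }'
}

# $1 = tunnel interface, $2 = port squid listens on, rule listing on stdin.
# Prints one line per mismatch; prints nothing when everything lines up.
wccp_problems() {
    rules=$(cat)
    rp=$(effective_rp_filter "$1") || echo "rp_filter: no sysctl entry for $1 (interface missing?)"
    [ "${rp:-0}" = 0 ] || echo "rp_filter: effective value on $1 is $rp, script expects 0"
    fwd=$(cat "$PROC_ROOT/sys/net/ipv4/ip_forward" 2>/dev/null) || fwd=unreadable
    [ "$fwd" = 1 ] || echo "ip_forward: value is $fwd, script sets 1"
    ports=$(printf '%s\n' "$rules" | redirect_ports "$1")
    case " $(echo $ports) " in
        *" $2 "*) ;;
        *) echo "INTERCEPT: no REDIRECT on $1 to port $2 (found: ${ports:-none})" ;;
    esac
}

# Live use as root: sh wccp-check.sh --live wccp 3128
if [ "${1:-}" = "--live" ]; then
    iptables -t nat -S INTERCEPT | wccp_problems "$2" "$3"
fi
```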