[squid-users] Transparent proxy with WCCP from Alibek Bolatov on 2011-01-07 (squid-users)

From: Alibek Bolatov <alibek.bolatov_at_gmail.com>
Date: Fri, 7 Jan 2011 19:43:17 +0300

OS: CentOS 5,5, 2.6.18-194.26.1.el5
Squid 2.6.STABLE21 (from repo, with --enable-wccpv2 options)
Cisco 7201 (Cisco IOS Software, 7200 Software (C7200P-IK91S-M),
Version 12.2(31)SB17, RELEASE SOFTWARE (fc1), image file
c7200p-ik91s-mz.122-31.SB17.bin)

I can not configure a transparent proxy.
I hereby make the following:

Cisco 7201
----------------------------------------
...
ip wccp web-cache redirect-list PROXY
...
interface GigabitEthernet0/0
ip address ...
ip nat outside
...
interface GigabitEthernet0/1
no ip address
interface GigabitEthernet0/1.100
encapsulation dot1Q 100
ip unnumbered Loopback3
no ip unreachables
ip wccp web-cache redirect out
ip nat inside
...
ip access-list extended PROXY
deny ip host 192.168.2.2 any
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.000.255.255
permit tcp 192.168.1.0 0.0.0.255 any eq www
deny ip any any
...
----------------------------------------

squid.conf
----------------------------------------
wccp2_router 192.168.255.250 (loopback on C7201)
wccp2_address 192.168.2.2
wccp2_forwarding_method 1
wccp2_return_method 1
...
----------------------------------------

GRE-tunnel script
----------------------------------------
#!/bin/sh
ip tunnel add lnk0 mode gre remote 192.168.255.250 local 192.168.2.2 dev eth0
ifconfig lnk0 11.22.33.44 up
/sbin/iptables -t nat -A PREROUTING -i lnk0 -p tcp --dport 80 -j DNAT
--to-destination 192.168.2.2:3128
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/$IF_MAIN/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/$IF_PTP/rp_filter
----------------------------------------

Cisco info
----------------------------------------
#show ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier: 192.168.255.250 (loopback)
        Protocol Version: 2.0

    Service Identifier: web-cache
        Number of Cache Engines: 0
        Number of routers: 0
        Total Packets Redirected: 0
        Redirect access-list: PROXY
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0
        Total Bypassed Packets Received: 0

#show ip wccp web-cache detail
WCCP Cache-Engine information:
        Web Cache ID: 192.168.2.2
        Protocol Version: 2.0
        State: NOT Usable
        Redirection: L2
        Packet Return: L2
        Packets Redirected: 0
        Connect Time: 00:00:21
        Assignment: MASK

#show ip wccp web-cache view
WCCP Routers Informed of:
-none-

WCCP Cache Engines Visible:
192.168.2.2

WCCP Cache Engines NOT Visible:
-none-
----------------------------------------

Based on the results 'show ip wccp', Cisco does not see the Squid, as
cache-engine.
Advise what I need to fix it?

-- 
WBR, Alibek

Received on Fri Jan 07 2011 - 16:43:20 MST

This archive was generated by hypermail 2.2.0 : Sun Jan 16 2011 - 12:00:02 MST