Transparent Proxy with wccp on Fedora Core 4

[Kola Ibikunle <kola@xxxxxxxxxxxxxxxx>]

I have problems getting Transparent Proxy to work and would be glad if 
you can look thru this

I have a Cisco router with wccp enabled and the squid server compiled 
from source tarball runs on a Fedora Core 4. My understanding is that It 
is not necessary to patch the kernel as ip_gre is already enabled. 
Proxying works when browser configuration is done, however transparent 
proxying does not work.

The message from the squid box (192.168.1.23) is

  IP 192.168.1.18 > 192.168.1.23: gre-proto-0x883e
  IP 192.168.1.23 >192.168.1.18: icmp host 192.168.1.23  unreachable
  -admin prohibited


while the  router (192.168.1.18) gives same message via
debug ip wccp packet

  and

debug ip icmp

     /*Mar  1 01:12:09.775: WCCP-PKT: Received valid Here_I_Am packet
     from 192.168.1.23 w/rcvd_id 00000113
     *Mar  1 01:12:09.775: WCCP-PKT: Sending I_See_You packet to
     192.168.1.23 w/ rcvd_id 00000114
     *Mar  1 01:12:10.071: ICMP: dst (192.168.1.18) prohibited
     unreachable rcv from 192.168.1.23
     *Mar  1 01:12:12.991: ICMP: dst (192.168.1.18) prohibited
     unreachable rcv from 192.168.1.23
     *Mar  1 01:12:19.003: ICMP: dst (192.168.1.18) prohibited
     unreachable rcv from 192.168.1.23
     *Mar  1 01:12:20.235: WCCP-PKT: Received valid Here_I_Am packet
     from 192.168.1.23 w/rcvd_id 00000114
     *Mar  1 01:12:20.235: WCCP-PKT: Sending I_See_You packet to
     192.168.1.23 w/ rcvd_id 00000115
     *Mar  1 01:12:30.519: WCCP-PKT: Received valid Here_I_Am packet
     from 192.168.1.23 w/rcvd_id 00000115
     *Mar  1 01:12:30.519: WCCP-PKT: Sending I_See_You packet to
     192.168.1.23 w/ rcvd_id 00000116
     *Mar  1 01:12:31.395: ICMP: dst (192.168.1.18) prohibited
     unreachable rcv from 192.168.1.23
     /

The router recognizes the squid box as confirmed from the message below.
     /Router#sh ip wccp
     Global WCCP information:
         Router information:
             Router Identifier:                   192.168.1.18
             Protocol Version:                    1.0

         Service Identifier: web-cache
             Number of Cache Engines:             1
             Number of routers:                   1
             Total Packets Redirected:            166
             Redirect access-list:                150
             Total Packets Denied Redirect:       0
             Total Packets Unassigned:            0
             Group access-list:                   -none-
             Total Messages Denied to Group:      0
             Total Authentication failures:       0/



the ip tunnel as been set as shown

My router config is below


     /Cisco Internetwork Operating System Software
     IOS (tm) 3700 Software (C3745-IS-M), Version 12.2(13)T10,        
RELEASE SOFTWARE (fc1)
     TAC Support: http://www.cisco.com/tac
     Copyright (c) 1986-2003 by cisco Systems, Inc.
     Compiled Wed 26-Nov-03 02:37 by nmasa
     Image text-base: 0x60008940, data-base: 0x61994000

     ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)

     Router uptime is 1 hour, 7 minutes
     System returned to ROM by power-on
     System image file is "flash:c3745-is-mz.122-13.T10.bin"

     cisco 3745 (R7000) processor (revision 2.0) with 196608K/11264K
     bytes of memory.
     Processor board ID JMX0802L3EA
     R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2,
     2048KB L3 Cache
     MICA-6DM Firmware: CP ver 2730 - 5/23/2001, SP ver 2730 - 5/23/2001.
     Bridging software.
     X.25 software, Version 3.0.0.
     SuperLAT software (copyright 1990 by Meridian Technology Corp).
     2 FastEthernet/IEEE 802.3 interface(s)
     30 terminal line(s)
     DRAM configuration is 64 bits wide with parity disabled.
     151K bytes of non-volatile configuration memory.
     125440K bytes of ATA System CompactFlash (Read/Write)

     Configuration register is 0x101

     /

Below is the router configuration fileRouter#sh conf

     /Using 1285 out of 155640 bytes
     !
     version 12.2
     service timestamps debug datetime msec
     service timestamps log datetime msec
     no service password-encryption
     !
     hostname Router
     !
     no logging buffered
     enable secret 5 $1$.nU6$zrTYq3u9FqrEs1z3VR6yO/
     enable password 1234
     !
     ip subnet-zero
     ip wccp version 1
     ip wccp web-cache redirect-list 150
     !
     !
     !
     !
     !
     !
     !
     !
     !
     !
     !
     !
     !
     !
     mta receive maximum-recipients 0
     !
     !
     !
     !
     interface FastEthernet0/0
      ip address 192.168.1.18 255.255.255.0
      no ip unreachables
      ip nat inside
      no ip mroute-cache
      speed auto
      half-duplex
      no cdp enable
     !
     interface FastEthernet0/1
      ip address 64.110.65.17 255.255.255.128
      no ip unreachables
      ip wccp web-cache redirect out
      ip nat outside
      no ip mroute-cache
      duplex auto
      speed auto
      no cdp enable
     !
     router rip
      network 64.0.0.0
     !
     ip nat pool ovrld 64.110.65.18 64.110.65.18 prefix-length 24
     ip nat inside source list 7 pool ovrld overload
     ip classless
     ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
     ip http server
     !
     !
     access-list 7 permit 192.168.1.0 0.0.0.255
     access-list 150 permit tcp 192.168.1.0 0.0.0.255 any
     access-list 150 deny tcp any any
     !
     !
     call rsvp-sync
     !
     !
     mgcp profile default
     !
     !
     !
     dial-peer cor custom
     !
     !
     !
     !
     line con 0
      exec-timeout 0 0
     line 33 62
      flush-at-activation
     line aux 0
     line vty 0 4
      password 12345
      login
     !
     end
     /