I had a similar problem using CentOS 4. My problem turned out to be the
default Redhat iptables rules. Squid would work if I pointed my browser
to it but for some reason WCCP redirected packets would not get processed.
I turned off the iptables service and then added the redirect rule. Works
fine now but I'm not sure why. I'll figure it out later.
Ryan
"Kamel A. Baba" <kamelbaba@xxxxxxxxxxxxx>
03/14/2006 02:35 PM
To
squid-users@xxxxxxxxxxxxxxx
cc
Kamel Baba <kamelbaba@xxxxxxxxxxxxx>
Subject
Transparent caching problem
Hi,
This is kind of driving me crazy. I've been trying to
get transparent caching to work for the last 2 days
without success.
I am only posting to get help after I read so much on
this and I think I quite understand what needs to be
done but still DG/SQUID do not see the traffic.
Ok, so I have a RHEL ES 4 box running DansGuardian and
Squid. DG listening on 8080 and squid on 3128. I have
a Cisco 3640 with wccp enabled. Router can see the
cache and traffic redirection on the router is working
fine and it gets all the way to the DG/squid box and
is actually being decapsulated (can see that through
ethereal). I am using the ip_wccp mod.
I also have the required iptables rule in place to
redirect traffic to DG port 8080.
Here's the output of iptables -t nat -L:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere
tcp dpt:http redir ports 8080
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If I manuallay setup my browser to point directly to
DG:8080, everything works nicely which tells me DG and
squid are able to work together ok in both direction.
I think the problem is somehow traffic is not getting
redirected to port 8080 after being decapsulated.
Any ideas why?
I have ip forwarding enabled. Also, here are the
relevent settings of DG:
filterip = 127.0.0.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
and squid:
http_port 3128
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 80.246.48.1
wccp_version 4
from the router:
LOLROUTER#show ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier:
80.246.49.5
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1478790
Redirect access-list: www
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
LOLROUTER#show ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 0.0.0.0
Protocol Version: 0.4
State: Usable
Initial Hash Info:
00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info:
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 219
Connect Time: 01:56:26
Any help is much appreciated.
Thanks,
Kamel
