I'm trying to get a transparent proxy set up using the following configuration:

Squid is 2.5STABLE14 (compiled from source, with --enable-linux-netfilter)
Linux is OpenSuse 10.1, which is Kernel 2.6.16, installed from the released CDs, no custom kernel stuff.
Router is Cisco 3620 with IOS Version 12.2(15)T17.

I'm almost there, but even though my router and Squid box see each other and are communicating (I see you / here I am packets are going through, and good news in the 'sho ip wccp'), I'm missing something, I believe in the iptables or ip tunnel configuration, based on the Squid WIKI.

"The most common problem people have is that the router and cache are talking to each other and traffic is being redirected from the router but the traffic decapsulation process is either broken or (as is almost always the case) misconfigured. This is often a case of your traffic rewriting rules on your cache not being applied correctly"

I've been beating my head against this for a week now, and can't find the problem. (NOTE: I can use the squid cache by configuring my browser manually for a proxy.)

Here's my config info. Perhaps someone wiser could point me in a direction to try?

--------------------------------------

OpenSuse 10.1 x86 (Kernel 2.6.16) (installed from downloaded CDs, no kernel customization)
Cisco 3620 with IOS Version 12.2(15)T17
Squid squid-2.5.STABLE14 built from source with '--enable-linux-netfilter'

Instructions I'm following:
====
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
(I've actually been using several sources, but the link above seems pretty definitive.)

Relevant IPs:
====
172.16.1.254 (the internal router port, where both squid and the clients reside)
172.16.50.254 (router port that points to the outside world)
172.16.1.171 (squid host, has only a single interface)

squid.conf (relevant stuff):
====
http_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 172.16.1.254

Linux config stuff
====
echo `1` > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
ip tunnel add wccp0 mode gre remote 172.16.1.254 local 172.16.1.171 dev eth0
ip addr add 172.16.1.171/24 dev wccp0
ip link set wccp0 up

Cisco router stuff
====
config t
ip wccp version 1
ip wccp web-cache redirect-list 150
access-list 150 permit tcp host 172.16.1.45 any
access-list 150 deny tcp any any

config t
int eth1/2 (the 172.16.50.254 interface)
ip wccp web-cache redirect-list 150

(I want to get squid working on a test workstation, before I point everyone to it)

Wade Guidry, MCSE, Network+
Systems Manager, Coastal Resource Sharing Network
503.801.2073
wade@xxxxxxxxxxxxxx
http://crsn.beachbooks.org