Re: Squid+Cisco w/WCCP ---> multiple tcp ports?

Rightio!

# On squid:

wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80,8000,2080

tcp_outgoing_address 203.56.15.78

wccp2_router 192.168.1.1:2048

http_port 192.168.1.10:3128 transparent vport=80
http_port 192.168.1.10:8000 transparent vport=8000
http_port 192.168.1.10:2080 transparent vport=2080

http_port localhost:3128


(I have a squid box that's intercepting WCCP stuff from a NAT'ted network;
and to do it "right" it seems I need to intercept it on the internal interface.
Squid then connects out using its other "public" interface.)

# On the router:

!
ip wccp 80
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip wccp 80 redirect in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!

# /root/wccp.sh :

iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.1.10:8000
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 2080 -j DNAT --to-destination 192.168.1.10:2080

Let me know if that works.





Adrian


On Wed, Sep 13, 2006, Tom Warren wrote:
> I have recently set up a transparent squid cache at the small ISP
> where I work using Fedora Core 4 and squid-2.6.STABLE3. It is
> performing well but I'd like to cache additional traffic such as
> alternate HTTP ports and maybe later even FTP using something like
> FROX.
> 
> The problem is after days of searching I've found sparse information
> on Squid's 'wccp2_service dynamic' and 'wccp2_service_info'
> configuration parameters. I've tried something like this:
> 
> wccp2_service dynamic 80 password=foo
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash,ports_source priority=240 ports=8080,2080,2443
> 
> 
> The Cisco router was configured thusly:
> 
> ip wccp 80 redirect-list 3 group-list 10 password 7 XYXYXYXY
> 
> 
> Then from my workstation (the only host in access-list 3) I visit
> something like:
> 
> http://snind.gotdns.com:8080/
> 
> The page loads but although the Cisco router sees the cache register
> service ID 80, it never redirects any packets; I always see:
> 
> core#sh ip wccp 80
> Global WCCP information:
>    Router information:
>        Router Identifier:                   xxx.yyy.zzz.50
>        Protocol Version:                    2.0
> 
>    Service Identifier: 80
>        Number of Cache Engines:             1
>        Number of routers:                   1
>        Total Packets Redirected:            0
>        Redirect access-list:                3
>        Total Packets Denied Redirect:       0
>        Total Packets Unassigned:            0
>        Group access-list:                   10
>        Total Messages Denied to Group:      0
>        Total Authentication failures:       0
> 
> 
> I've tried several other permutations of the Squid wccp 'info'
> parameter to no avail. I'd like to know the following:
> 
> - What is the standard syntax for redirecting multiple ports using
> 'wccp2_service dynamic' and 'wccp2_service_info' configuration
> parameters?
> 
> - Can I operate standard (web-cache) and dynamic services simultaneously?
> 
> - After I successfully redirect other ports like 8080, et al. to
> squid, will it automagically use the original port number in its
> request?
> 
> Much thanks,
> 
> Tom
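
The setup in the reply names each intercepted port in three places: `ports=` on `wccp2_service_info`, `vport=` on a transparent `http_port`, and `--dport` on a DNAT rule for `gre0`. The following is an added example, not part of the original thread, that checks the three agree; the function names are hypothetical and the patterns assume the single-line directive and rule forms used in the reply.

```python
import re

# Constructed input: squid.conf lines and iptables rules copied from the reply above.
SQUID_CONF = """\
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80,8000,2080
http_port 192.168.1.10:3128 transparent vport=80
http_port 192.168.1.10:8000 transparent vport=8000
http_port 192.168.1.10:2080 transparent vport=2080
http_port localhost:3128
"""
IPTABLES_RULES = """\
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.1.10:8000
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 2080 -j DNAT --to-destination 192.168.1.10:2080
"""

def _scan(text, pattern):
    """Regex groups for every line of text that matches pattern."""
    hits = (re.search(pattern, line.strip()) for line in text.splitlines())
    return [m.groups() for m in hits if m]

def wccp_ports(conf):
    """Ports announced to the router via wccp2_service_info ... ports=."""
    lists = _scan(conf, r"^wccp2_service_info\s.*\bports=([\d,]+)")
    return {int(p) for (plist,) in lists for p in plist.split(",") if p}

def listeners(conf):
    """vport -> (address, port) for each transparent http_port line."""
    pat = r"^http_port\s+(\S+):(\d+)\s.*\btransparent\b.*\bvport=(\d+)"
    return {int(v): (a, int(p)) for a, p, v in _scan(conf, pat)}

def dnat_targets(rules):
    """--dport -> (address, port) for DNAT rules on the gre0 interface."""
    pat = r"-i gre0\b.*--dport (\d+)\b.*-j DNAT --to-destination (\S+):(\d+)"
    return {int(d): (a, int(p)) for d, a, p in _scan(rules, pat)}

def check(conf, rules):
    """Return mismatches between the WCCP port list, DNAT rules and listeners."""
    ports, lsn, dnat = wccp_ports(conf), listeners(conf), dnat_targets(rules)
    problems = []
    for port in sorted(ports | set(dnat)):
        if port not in ports:
            problems.append(f"{port}: DNAT rule but not in wccp2_service_info ports=")
        elif port not in dnat:
            problems.append(f"{port}: in ports= but no DNAT rule on gre0")
        elif dnat[port] != lsn.get(port):
            problems.append(f"{port}: DNAT goes to {dnat[port]}, listener is {lsn.get(port)}")
    return problems
```

`check(SQUID_CONF, IPTABLES_RULES)` returns an empty list for the configuration as posted; each string it returns otherwise names a port whose three definitions have drifted apart.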
