Henrik,

I don't see a gre tunnel being created in your script. Is this because a gre tunnel is not necessary?
(ex. iptunnel add gre1 mode gre remote 150.125.125.98 local 150.125.125.114 dev eth0 )

Thanks,
-- Chad

On 11/14/06, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
Tue 2006-11-14 at 14:53 +0800, Adrian Chadd wrote:

> On Mon, Nov 13, 2006, Chad Harrelson wrote:
> > Thanks Adrian, however, I have a requirement to make this work on
> > my current version of squid (2.5) so WCCP v.1 will have to do.
>
> Ah. Grr, Redhat needs to test and upgrade their Squid packages already.

There are unofficial current "bleeding edge" RHEL Squid packages available from RedHat, or more precisely from the Squid package maintainer at RedHat. The URL can be found in the squid-users archives.

> I've done it for each interface just in case.

I know for certain from both theory and practice that it's sufficient to disable rp_filter on the created gre tunnel interface.

Here is an example script setting up all networking level parameters needed for WCCP/WCCP2 using ip_gre:

#!/bin/sh
# Set this to the public/primary IP of the WCCP router
ROUTER=10.0.0.1

# Create an INTERCEPT chain in the nat table and hook it into PREROUTING
iptables-restore <<EOF
*nat
:INTERCEPT -
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A PREROUTING -j INTERCEPT
COMMIT
EOF

# Remove any tunnel left over from a previous run
ip link set wccp down 2>/dev/null
ip tunnel del wccp 2>/dev/null

# Create the GRE tunnel to the router, reusing the eth0 address on it
ipaddr=`/sbin/ip addr show dev eth0 | awk '/inet / {print $2}'`
ip=`echo $ipaddr | cut -d/ -f1`
ip tunnel add wccp dev eth0 mode gre remote $ROUTER
ip addr add $ip/32 dev wccp

# Disable reverse-path filtering on the tunnel interface, enable forwarding
echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
ip link set wccp up

# Redirect TCP arriving over the tunnel to the proxy on port 3128
iptables -t nat -F INTERCEPT
iptables -t nat -A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
#END

This script assumes the WCCP router is on the eth0 interface. Modify as needed if your network layout is different.

Regards
Henrik
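
An added example, not part of the thread: a read-only check of the state the script above sets up (rp_filter on the tunnel interface, ip_forward, and the REDIRECT rule in INTERCEPT). The function names and the SYSROOT prefix are hypothetical; the check also accounts for current kernels applying the higher of conf/all/rp_filter and the per-interface value, and warns when rp_filter is off on interfaces other than the tunnel.

```shell
#!/bin/sh
# Added example: read-only audit of the state the setup script configures.
# SYSROOT is a hypothetical prefix for testing against a fixture tree;
# leave it unset on a live host.
# Usage: iptables-save -t nat | audit_wccp wccp 3128

ipv4_dir() { echo "${SYSROOT:-}/proc/sys/net/ipv4"; }

# Effective rp_filter for interface $1: current kernels apply the higher of
# conf/all/rp_filter and conf/<if>/rp_filter.
effective_rp_filter() {
    own=$(cat "$(ipv4_dir)/conf/$1/rp_filter" 2>/dev/null) || return 2
    all=$(cat "$(ipv4_dir)/conf/all/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print interfaces other than $1 where source validation is effectively off,
# i.e. rp_filter was relaxed more widely than the tunnel requires.
relaxed_elsewhere() {
    for d in "$(ipv4_dir)"/conf/*; do
        name=${d##*/}
        case $name in all|default|lo|"$1") continue ;; esac
        [ "$(effective_rp_filter "$name")" = 0 ] && echo "$name"
    done
    return 0
}

# True if the iptables-save text on stdin redirects TCP arriving on
# interface $1 to local port $2 in the INTERCEPT chain.
has_redirect_rule() {
    grep -Eq -- "^-A INTERCEPT -i $1 -p tcp .*-j REDIRECT --to-ports $2\$"
}

audit_wccp() {
    rc=0
    eff=$(effective_rp_filter "$1") || { echo "FAIL: no interface $1"; return 1; }
    [ "$eff" = 1 ] && { echo "FAIL: strict rp_filter applies to $1"; rc=1; }
    [ "$(cat "$(ipv4_dir)/ip_forward" 2>/dev/null)" = 1 ] ||
        { echo "FAIL: ip_forward is off"; rc=1; }
    has_redirect_rule "$1" "$2" || { echo "FAIL: no REDIRECT to $2 on $1"; rc=1; }
    for i in $(relaxed_elsewhere "$1"); do
        echo "WARN: rp_filter also off on $i"
    done
    return $rc
}
```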