I have executed the script (the only changes I made were to the router address and the iptables destination port. I run squid on port 80 so I changed the script from 3128 to 80).

The script executed flawlessly, however WCCP does not appear to be working. The router shows packets being redirected:

ISSR#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                  192.168.169.1
        Protocol Version:                   1.0

    Service Identifier: web-cache
        Number of Cache Engines:            1
        Number of routers:                  1
        Total Packets Redirected:           47405
        Redirect access-list:               -none-
        Total Packets Denied Redirect:      0
        Total Packets Unassigned:           0
        Group access-list:                  -none-
        Total Messages Denied to Group:     0
        Total Authentication failures:      0
ISSR#

And it shows the IP address of my squid box:

ISSR#sh ip wccp web-cache view
    WCCP Routers Informed of:
        -none-

    WCCP Cache Engines Visible:
        150.125.125.114

    WCCP Cache Engines NOT Visible:
        -none-
ISSR#

But again, nothing in tcpdump and nothing in /var/log/squid/access.log.

Any suggestions?

Thanks,

--
Chad

On 11/14/06, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
Tue 2006-11-14 at 14:53 +0800, Adrian Chadd wrote:
> On Mon, Nov 13, 2006, Chad Harrelson wrote:
> > Thanks Adrian, however, I have a requirement to make this work on the
> > my current version of squid (2.5) so WCCP v.1 will have to do.
>
> Ah. Grr, Redhat needs to test and upgrade their Squid packages already.

There are unofficial current "bleeding edge" RHEL Squid packages available from RedHat, or more precisely from the Squid package maintainer at RedHat. The URL can be found in the squid-users archives.

> I've done it for each interface just in case.

I know for certain from both theory and practice that it's sufficient to disable rp_filter on the created gre tunnel interface.

Here is an example script setting up all networking level parameters needed for WCCP/WCCP2 using ip_gre:

#!/bin/sh
# Set this to the public/primary IP of the WCCP router
ROUTER=10.0.0.1

# Reset the nat table and create an INTERCEPT chain hooked into PREROUTING
iptables-restore <<EOF
*nat
:INTERCEPT -
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A PREROUTING -j INTERCEPT
COMMIT
EOF

# Remove any tunnel left over from a previous run
ip link set wccp down 2>/dev/null
ip tunnel del wccp 2>/dev/null

# Take the address of eth0 and strip the prefix length
ipaddr=`/sbin/ip addr show dev eth0 | awk '/inet / {print $2}'`
ip=`echo $ipaddr | cut -d/ -f1`

# Create the GRE tunnel to the router and give it the same address as eth0
ip tunnel add wccp dev eth0 mode gre remote $ROUTER
ip addr add $ip/32 dev wccp

# Disable reverse-path filtering on the tunnel and enable forwarding
echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
ip link set wccp up

# Redirect TCP traffic arriving over the tunnel to the Squid port
iptables -t nat -F INTERCEPT
iptables -t nat -A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
#END

This script assumes the WCCP router is on the eth0 interface. Modify as needed if your network layout is different.

Regards
Henrik
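
An added check script, not part of either message in this thread: it verifies the state the setup script above is meant to leave behind (rp_filter off on the tunnel, forwarding on, PREROUTING jumping to INTERCEPT, and a REDIRECT to the Squid port). The function names and the sysctl-root argument are this example's own, and checking conf/all/rp_filter as well assumes a current kernel, which applies the higher of the "all" and per-interface values.

```shell
#!/bin/sh
# Added example, not from the thread. Names and the sysctl-root
# argument (normally /proc/sys) are this example's own.

read_sysctl() {    # read_sysctl <root> <relative path>
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo missing; fi
}

# Assumes a current kernel, which uses the higher of conf/all and
# conf/<iface>, so both must be 0 for filtering to be off on the tunnel.
check_rp_filter() {    # check_rp_filter <root> <iface>
    all=$(read_sysctl "$1" net/ipv4/conf/all/rp_filter)
    ifc=$(read_sysctl "$1" "net/ipv4/conf/$2/rp_filter")
    if [ "$all" = 0 ] && [ "$ifc" = 0 ]; then
        echo "OK   rp_filter is off for $2"
    else
        echo "FAIL rp_filter all=$all $2=$ifc (both must be 0)"; return 1
    fi
}

check_forwarding() {    # check_forwarding <root>
    fwd=$(read_sysctl "$1" net/ipv4/ip_forward)
    if [ "$fwd" = 1 ]; then
        echo "OK   ip_forward=1"
    else
        echo "FAIL ip_forward=$fwd (want 1)"; return 1
    fi
}

# Reads `iptables -t nat -S` output on stdin.
check_redirect() {    # check_redirect <iface> <port>
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q -- '^-A PREROUTING -j INTERCEPT$' ||
        { echo "FAIL PREROUTING does not jump to INTERCEPT"; return 1; }
    printf '%s\n' "$rules" |
        grep -q -- "^-A INTERCEPT -i $1 -p tcp -j REDIRECT --to-ports $2\$" ||
        { echo "FAIL no REDIRECT to port $2 for -i $1"; return 1; }
    echo "OK   nat rules send tcp arriving on $1 to port $2"
}

# Runs every check; returns 0 only if all pass. Rules on stdin.
check_wccp() {    # check_wccp <root> <iface> <port>
    rc=0
    check_rp_filter "$1" "$2" || rc=1
    check_forwarding "$1" || rc=1
    check_redirect "$2" "$3" || rc=1
    return $rc
}
```

On the Squid host, run it as root with `iptables -t nat -S | check_wccp /proc/sys wccp 80`, using whichever port the REDIRECT rule was changed to. If every check passes and nothing reaches Squid, `tcpdump -n -i eth0 ip proto 47` shows whether GRE packets from the router arrive at the host at all.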