Search squid archive

Re: WCCP Howto RHEL3.1 w/ 2.4.x kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have executed the script (the only changes I made were to the router
address and the iptables destination port.  I run squid on port 80 so
I change to the script from 3128 to 80).  The script executed
flawlessly, however WCCP does not appear to be working.  The show
packets being redirected:

ISSR#sh ip wccp
Global WCCP information:
   Router information:
       Router Identifier:                   192.168.169.1
       Protocol Version:                    1.0

   Service Identifier: web-cache
       Number of Cache Engines:             1
       Number of routers:                   1
       Total Packets Redirected:            47405
       Redirect access-list:                -none-
       Total Packets Denied Redirect:       0
       Total Packets Unassigned:            0
       Group access-list:                   -none-
       Total Messages Denied to Group:      0
       Total Authentication failures:       0

ISSR#

And it shows the ip address of my squid box:

ISSR#sh ip wccp web-cache view
   WCCP Routers Informed of:
       -none-

   WCCP Cache Engines Visible:
       150.125.125.114

   WCCP Cache Engines NOT Visible:
       -none-

ISSR#


But again, nothing in tcpdump and nothing in /var/log/squid/access.log

Any suggestions?

Thanks,

-- Chad
On 11/14/06, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
tis 2006-11-14 klockan 14:53 +0800 skrev Adrian Chadd:
> On Mon, Nov 13, 2006, Chad Harrelson wrote:
> > Thanks Adrian, however, I have a requirement to make this work on the
> > my current version of squid (2.5) so WCCP v.1 will have to do.
>
> Ah. Grr, Redhat needs to test and upgrade their Squid packages already.

There is unofficial current "bleeding edge" RHEL Squid packages
available from RedHat, or more precisely from the Squid package
maintainer at RedHat. The URL can be found in the squid-users archives.

> I've done it for each interface just in case.

I know for certain from both theory and practice that it's sufficient to
disable rp_filter on the created gre tunnel interface.

Here is an example script setting up all networking level parameters
needed for WCCP/WCCP2 using ip_gre:

#!/bin/sh
# Set this to the public/primary IP of the WCCP router
ROUTER=10.0.0.1
iptables-restore <<EOF
*nat
:INTERCEPT -
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A PREROUTING -j INTERCEPT
COMMIT
EOF

ip link set wccp down 2>/dev/null
ip tunnel del wccp 2>/dev/null

ipaddr=`/sbin/ip addr show dev eth0 | awk '/inet / {print $2}'`
ip=`echo $ipaddr | cut -d/ -f1`
ip tunnel add wccp dev eth0 mode gre remote $ROUTER
ip addr add $ip/32 dev wccp
echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
ip link set wccp up

iptables -t nat -F INTERCEPT
iptables -t nat -A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
#END

This script assumes the WCCP router is on the eth0 interface. Modify as
needed if your network layout is different.

Regards
Henrik



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux