Wow. Thanks Henrik! This is the command that got it going: echo 0 >/proc/sys/net/ipv4/conf/gre1/rp_filter I thought for sure that I had run across documentation that told me to enable rp_filter. Oh, it's working now. Now on the WCCPv2.... When I try enabling version 2 I get the following error while sniffing my external interface: 15:17:12.108896 IP 150.125.125.185 > 150.125.127.142: ICMP 150.125.125.185 protocol 47 port 34878 unreachable, length 84 (150.125.127.142 is the automatic router ID that is displayed under: sh ip wccp) The only that has changed in squid is commenting out wccp_router 150.125.125.186 and adding the following lines: wccp2_router 150.125.125.186 #wccp2_version 4 wccp2_rebuild_wait on wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_assignment_method 1 wccp2_service standard 0 wccp2_weight 10000 Any thoughts? Thanks again, -- Chad On 5/9/07, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
ons 2007-05-09 klockan 08:48 -0400 skrev Chad Harrelson: > Hello list, > I am still battling WCCP... My ultimate goal is to get WCCPv2 > functioning properly on a RHEL5 box (squid-2.6.STABLE6-3.el5) > 2.6.18-8.el5xen -- connected to a Cisco 7600 (with SUP 720) ISO > 12.2(18). Since I am having no luck with WCCPv2 I have been using v1. > I have gotten as far as seeing http traffic leaving my gre interface > but I do not see that same traffic on eth0 (my external interface) and > of course the packets do not reach the destination. Here are my > relavant configs: > > modprobe ip_gre > iptunnel add gre1 mode gre remote 150.125.125.186 local > 150.125.125.185 dev eth0 > ifconfig gre1 150.125.125.187 netmask 255.255.255.248 up (I have > tried many variations on IP addresses here. Having a real routable IP > is the only I can avoid seeing ICMP proto 47 unreachable errors on > eth0) You also need to disable rp_filter, and set up iptables interception rules. See the FAQ. http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-a7fed84c39e23407b93737da0815d1e6ed926a4f http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-935dbe4ef8ea8e21c1e04cc7753a09095c0d8285 http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-1baf52754892d9355e3aa292dd70d96d74608b9b Regards Henrik