I'm trying to get squid to use WCCP v2 with a Cisco PIX. The PIX has
ios 7.2(1) on it which has the WCCP feature.
The linux box I'm using is running CentOS 5.1 (kernel
2.6.18-53.1.6.el5). squid 2.6.STABLE6-5.el5_1.2. I have also tried
the latest 2.6.STABLE18 with the same results.
The WCCP seems to work except when going to certain sites
(foxnews.com, cnn.com, espn.com, msnbc.com to name a few). What
happens with those sites is the browser will go to "waiting for ..."
or "transferring data from ..." and never gets past that. In the
squid access.log I see the request for the site but nothing else.
Sometimes I get part of the page loaded (anywhere from 50-90% of the
page).
I can go to other sites fine though. If I configure my browser to use
squid as a proxy then the sites load fine, so it's something with wccp
or my configuration of it. I don't know where to start to determine
what the problem is.

PIX configuration:

    wccp web-cache redirect-list WCCP_REDIRECT
    wccp interface inside web-cache redirect in
    access-list WCCP_REDIRECT extended permit tcp host 172.22.1.245 any

NOTE: I'm currently only forcing one host to use WCCP.

Squid Configuration:

    http_port 10.1.4.100:3128 transparent
    wccp2_router 172.22.0.2
    wccp2_rebuild_wait on
    wccp2_forwarding_method 1
    wccp2_return_method 1
    wccp2_service standard 0
    cache_dir aufs /var/spool/squid/cache0 8000 16 256
    cache_dir aufs /var/spool/squid/cache1 8000 16 256
    cache_dir aufs /var/spool/squid/cache2 8000 16 256

I have done this to the linux system as well:

eth0 has IP of 10.1.4.100/24

modify /etc/sysctl.conf

    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 0

    modprobe ip_gre
    ifconfig gre0 10.1.4.100 netmask 255.255.255.255 up

I've tried using a different ip that isn't assigned to eth0 and wccp
doesn't work at all.

    iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j DNAT --to-destination 10.1.4.100:3128

Any ideas?
Thanks,
--Dennis