CentOS 5.1, Squid, PIX WCCP


I'm trying to get squid to use WCCP v2 with a Cisco PIX. The PIX has ios 7.2(1) on it which has the WCCP feature.

The Linux box I'm using is running CentOS 5.1 (kernel 2.6.18-53.1.6.el5) and squid 2.6.STABLE6-5.el5_1.2. I have also tried the latest 2.6.STABLE18 with the same results.

The WCCP seems to work except when going to certain sites (foxnews.com, cnn.com, espn.com, msnbc.com to name a few). What happens with those sites is the browser will go to "waiting for ..." or "transferring data from ..." and never gets past that. In the squid access.log I see the request for the site but nothing else. Sometimes I get part of the page loaded (anywhere from 50-90% of the page).

I can go to other sites fine though. If I configure my browser to use squid as a proxy then the sites load fine, so it's something with wccp or my configuration of it. I don't know where to start to determine what the problem is.

PIX configuration:

wccp web-cache redirect-list WCCP_REDIRECT
wccp interface inside web-cache redirect in

access-list WCCP_REDIRECT extended permit tcp host 172.22.1.245 any

NOTE: I'm currently only forcing one host to use WCCP.

Squid Configuration:

http_port 10.1.4.100:3128 transparent
wccp2_router 172.22.0.2
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
cache_dir aufs /var/spool/squid/cache0 8000 16 256
cache_dir aufs /var/spool/squid/cache1 8000 16 256
cache_dir aufs /var/spool/squid/cache2 8000 16 256


I have done this to the linux system as well:

eth0 has IP of 10.1.4.100/24

modify /etc/sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

modprobe ip_gre

ifconfig gre0 10.1.4.100 netmask 255.255.255.255 up

I've tried using a different ip that isn't assigned to eth0 and wccp doesn't work at all.

iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j DNAT --to-destination 10.1.4.100:3128

Any ideas?

Thanks,

--Dennis

