Read http://wiki.squid-cache.org/ConfigExamples/ - there's an example Cisco IOS + WCCP + NAT.

Adrian

On Sat, Feb 09, 2008, Tuc at T-B-O-H.NET wrote:
> Hi,
>
> Trying to follow :
>
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
>
> Cisco is a 2851 :
> Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
>
> Linux is CentOS 4:
> Linux ports.example.com 2.6.9-42.0.10.EL #1 Tue Feb 27 09:24:42 EST 2007 i686 i686 i386 GNU/Linux
>
> Squid is squid-2.6.STABLE18
>
> One tweak to the docs I did find I needed for
> Cisco was "ip wccp web-cache" needed to be set for it to
> run.
>
> The configuration is that I have a serial port doing NAT to the
> net, which is where EVERYTHING passes, so that's where I put the ip wccp
> statements on the router. That interface IP is 1.2.3.58 . I have
> a Gig 0/0, IP 2.3.4.233 . Off that gig is the squid at 2.3.4.236. I
> have a Gig0/1 IP 4.5.6.7, and 99% of the users hang off there.
>
> I used the following on Linux. The iptables command
> seems to never have heard of the "--redirect-to" command, so hopefully
> this is correct :
>
> modprobe ip_gre
> ip tunnel del wccp0
> ip tunnel add wccp0 mode gre remote 1.2.3.58 local 2.3.4.236 dev eth0
> ip addr add 2.3.4.236/32 dev wccp0
> ip link set wccp0 up
> echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
> iptables -t nat -A PREROUTING -p tcp -i wccp0 -j REDIRECT --to 3128
>
> It didn't seem to work, so I shut down all IP tables
> via the CentOS GUI (BIG mistake, it wiped out my settings and now
> I need to reconstruct it. :-/ ) ANYWAY... AFTER that I checked,
> and a "sho ip wccp we v" on the router showed my
> 2.3.4.236 as visible, and a "sho ip wccp web det"
> showed it, but with a State of "NOT Usable". I turned up
> some debug, and I see maybe what's happening, but don't know
> how to resolve..
>
> When I Wireshark the packets on 2048, I see the "Here I am"
> from Squid to the router fine, but the router responds with
> "I see you" from 2.3.4.233, the IP of the interface closest to
> the squid, but NOT the IP of the Internet connection.
>
> How do I handle this? Do I need to change wccp2_router to
> 2.3.4.233 instead of really what it should be, 1.2.3.58?
>
> Also, is the iptables command correct?
>
> Thanks, Tuc

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -