Search squid archive

Re: transparent Proxy with WCCP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Roland Roland wrote:
...

------------------added to Squid.conf:------------------

acl MyNet src 192.168.0.0/24
http_access allow MyNet  (this is set before the deny all rule)
wccp_router 192.168.0.1
http_port 3128 transparent


------------------connectivity------------------

ip tunnel add wccp0 mode gre remote 192.168.0.1 local 192.168.0.108 dev eth0
ip addr add 192.168.0.108/24 dev wccp0
ip link set wccp0 up

iptables -t nat -A PREROUTING -i wccp0 -j REDIRECT -p tcp --to-port 80 <<-- to direct from GRE to port 80



...
Hi Roland,

My experience is almost exclusively with wccp2 but off the bat the only think that looks 'funky' to me is your iptables rule and a few /proc tweaks.

Try the following after doing the "ip link set wccp0 up":

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/wccp0/rp_filter

The GRE tunnel is only there to provide decapsulation of the WCCP traffic from the router. Once that is done the traffic is essentially still pointing towards port 80. Since you're running your squid on port 3128 your iptables rule NEEDS to redirect incomming port 80 traffic to that port, so it should read:

iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128


regards,

Regardt vd Vyver

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux