i've just created a new box with the following options:
but wccp with router is still not working!
any advice?
using centos 5.2
and squid 2.6
firewall enabled
SElinux permissive
-------------------------------------------------------
done the following:
yum update yum
yum install squid
squid -z
-------------------------------------------------------
gedit /etc/rc.d/init.d/rc.local
#added:
modprobe ip_gre
ifconfig gre0 192.168.0.183 netmask 255.255.255.0 up
#this is the same ip as my eth0
----------------------------------------------------
gedit /etc/sysconfig/iptables
#added:
-A INPUT -i gre0 -j ACCEPT
-A INPUT -i gre0 -j ACCEPT
-A INPUT -p gre -j ACCEPT
#my routers lan interface 192.168.0.1
-A RH-Firewall-1-INPUT -s 192.168.0.1/24 -p udp -m udp --dport 2048 -j
ACCEPT
-------------------------------------------------------
service iptables condrestart
--------------------------------------------------------
gedit /etc/squid/squid.conf
#edited/added the follwoing:
http_port 80 transparent
http_access allow all
wccp2_router 192.168.0.1
wccp_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service dynamic 80
wccp2_service dynamic 90
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
----------------------------------------------------------
Cisco router 2811 side:
conf t
ip wccp version 2
ip wccp web-cache
int f0/1 (Lan interface)
ip wccp 80 redirect in
ip wccp 90 redirect out
----------------------------------------------------------
service squid restart
then sh ip wccp on router gave me all hits as 0 no hits from squid to
router!!
----------------------------------------------------------
service iptables status
[root@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp
dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:22
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:80
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:5900
12 ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp
dpt:2048
13 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
---------------------------------------------------------------------------
lsmod:
Module Size Used by
ip_conntrack_netbios_ns 6977 0
xt_state 6209 4
ip_conntrack 53025 2 ip_conntrack_netbios_ns,xt_state
nfnetlink 10713 1 ip_conntrack
iptable_filter 7105 1
ip_tables 17029 1 iptable_filter
ip6table_filter 6849 1
ip6_tables 18053 1 ip6table_filter
nls_utf8 6208 1
ip_gre 16737 0
autofs4 24517 2
hidp 23105 2
rfcomm 42457 0
l2cap 29505 10 hidp,rfcomm
bluetooth 53797 5 hidp,rfcomm,l2cap
sunrpc 144893 1
ipt_REJECT 9537 1
ip6t_REJECT 9409 1
xt_tcpudp 7105 15
x_tables 17349 6
xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
dm_multipath 22089 0
video 21193 0
sbs 18533 0
backlight 10049 1 video
i2c_ec 9025 1 sbs
button 10705 0
battery 13637 0
asus_acpi 19289 0
ac 9157 0
ipv6 258273 17 ip6t_REJECT
xfrm_nalgo 13765 1 ipv6
crypto_api 11969 1 xfrm_nalgo
lp 15849 0
floppy 57125 0
i2c_piix4 12237 0
pcnet32 35141 0
pcspkr 7105 0
i2c_core 23745 2 i2c_ec,i2c_piix4
mii 9409 1 pcnet32
ide_cd 40033 1
cdrom 36705 1 ide_cd
parport_pc 29157 1
serio_raw 10693 0
parport 37513 2 lp,parport_pc
dm_snapshot 21477 0
dm_zero 6209 0
dm_mirror 29125 0
dm_mod 61405 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
ata_piix 22341 0
libata 143997 1 ata_piix
sd_mod 24897 0
scsi_mod 134605 2 libata,sd_mod
ext3 123593 2
jbd 56553 1 ext3
uhci_hcd 25421 0
ohci_hcd 23261 0
ehci_hcd 33357 0
------------------------------------------------------------------------
ifconfig:
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:F8:D0:AF
inet addr:192.168.0.183 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fef8:d0af/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29956 errors:0 dropped:0 overruns:0 frame:0
TX packets:11948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3673892 (3.5 MiB) TX bytes:7234153 (6.8 MiB)
Interrupt:169 Base address:0x2000
gre0 Link encap:UNSPEC HWaddr
00-00-00-00-B2-BF-68-33-00-00-00-00-00-00-00-00
inet addr:192.168.0.183 Mask:255.255.255.0
UP RUNNING NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2926 errors:0 dropped:0 overruns:0 frame:0
TX packets:2926 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3257748 (3.1 MiB) TX bytes:3257748 (3.1 MiB)
-------------------------------------------------------------------------------
