With TProxy, I think you need to use Squid3-HEAD to reliably fix your issue....Amos would know for sure. Nick ________________________________ From: viveksnv@xxxxxx [mailto:viveksnv@xxxxxx] Sent: Fri 1/9/2009 8:39 AM To: henrik@xxxxxxxxxxxxxxxxxxx Cc: squid-users@xxxxxxxxxxxxxxx; squid3@xxxxxxxxxxxxx Subject: Re: WCCP configuration Hi, Thanks for the reply. It did help us solve the problem. But there is a new issue. We have configured as squid+tproxy. The squid ip is not displayed and only the client ip is displayed when we do the proxy test. But after configuring wccp we find that the server ip is displayed in the proxy test instead of the client ip. We also find that the http request is pathetically slow. squid.conf wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 http_port 3128 transparent tproxy iptable: /usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 We created a gre tunnel based on the router identifier. wccp2_router xx.xx.xxx.xx (ip of router interface connected to squid machine) The following command is assigned at the router interface connected to the lan. ip wccp 80 redirect in ip wccp 90 redirect out Following command at the router interface connected to squid. ip wccp redirect exclude in Router : Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(13b) Kernel : linux-2.6.20.21 IPtable : iptables-1.3.8 Os Ver : squid-2.7 Stable 5 #lsmod ip_gre 19616 0 iptable_filter 11136 0 ipt_TPROXY 11136 1 ipt_REDIRECT 10624 0 xt_tcpudp 11904 1 reiserfs 235144 5 iptable_tproxy 23036 2 ipt_TPROXY iptable_nat 15492 1 iptable_tproxy ip_nat 24620 3 ipt_REDIRECT,iptable_tproxy,iptable_nat ip_tables 25448 3 iptable_filter,iptable_tproxy,iptable_nat x_tables 23560 5 ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables ip_conntrack 53400 3 iptable_tproxy,iptable_nat,ip_nat The internet works, but the browsing is dead slow. Temporarily we have bypassed squid to browse the net. Thanks VK -----Original Message----- From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> To: viveksnv@xxxxxx Cc: squid3@xxxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx Sent: Thu, 8 Jan 2009 12:05 am Subject: Re: WCCP configuration ons 2009-01-07 klockan 08:46 -0500 skrev viveksnv@xxxxxx: > wccp2_router xxx.xx.xxx.xxx > wccp_version 4 > wccp2_forwarding_method 1 > wccp2_return_method 1 > wccp2_assignment_method 1 > wccp2_service dynamic 80 > wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 > ports=80 > wccp2_service dynamic 90 > wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source > priority=240 ports=80 > > > Router Eth0 - connected to lan. Eth1 - connecte to squid. Have you also configured * A loopback address on the router, giving it a easily identified router ID * the required GRE/WCCP tunnel interface on the Squid server * disabled rp_filter on the above GRE/WCCP interface. * And adjusted the REDIRECT/NAT rules to act on traffic received on the GRE/WCCP interface configured above? > Service Identifier: web-cache > Number of Service Group Clients: 1 > Number of Service Group Routers: 1 > Total Packets s/w Redirected: 11336 > Process: 0 > Fast: 0 > CEF: 11336 Looks fine. > Is there any simple way of configuring WCCP. We have beating round the > bush all day long to configure wccp. WCCP as such is configured. But something is missing in the interception at the proxy. Most likely the GRE interface mentioned above. Regards Henrik ________________________________________________________________________ You are invited to Get a Free AOL Email ID. - http://webmail.aol.in <http://webmail.aol.in/>
