Ritter, Nicholas wrote:
With TProxy, I think you need to use Squid3-HEAD to reliably fix your issue....Amos would know for sure.
Nick
Yes. Squid-2.* has no support for TPROXY v4.1+
3.1.0.3 or later is needed. Which is at least an RC beta now, more
stable that pure 3.HEAD alpha code.
Also the squid.conf and configure details have changed.
http://wiki.squid-cache.org/Features/Tproxy4
Amos
________________________________
From: viveksnv@xxxxxx [mailto:viveksnv@xxxxxx]
Sent: Fri 1/9/2009 8:39 AM
To: henrik@xxxxxxxxxxxxxxxxxxx
Cc: squid-users@xxxxxxxxxxxxxxx; squid3@xxxxxxxxxxxxx
Subject: Re: WCCP configuration
Hi,
Thanks for the reply. It did help us solve the problem.
But there is a new issue.
We have configured as squid+tproxy. The squid ip is not displayed and
only the client ip is displayed when we do the proxy test. But after
configuring wccp we find that the server ip is displayed in the proxy
test instead of the client ip.
We also find that the http request is pathetically slow.
squid.conf
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
http_port 3128 transparent tproxy
iptable:
/usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m tcp
--dport 80 -j TPROXY --on-port 3128
We created a gre tunnel based on the router identifier.
wccp2_router xx.xx.xxx.xx (ip of router interface connected to squid
machine)
The following command is assigned at the router interface connected to
the lan.
ip wccp 80 redirect in
ip wccp 90 redirect out
Following command at the router interface connected to squid.
ip wccp redirect exclude in
Router : Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M),
Version 12.4(13b)
Kernel : linux-2.6.20.21
IPtable : iptables-1.3.8
Os Ver : squid-2.7 Stable 5
#lsmod
ip_gre 19616 0
iptable_filter 11136 0
ipt_TPROXY 11136 1
ipt_REDIRECT 10624 0
xt_tcpudp 11904 1
reiserfs 235144 5
iptable_tproxy 23036 2 ipt_TPROXY
iptable_nat 15492 1 iptable_tproxy
ip_nat 24620 3 ipt_REDIRECT,iptable_tproxy,iptable_nat
ip_tables 25448 3
iptable_filter,iptable_tproxy,iptable_nat
x_tables 23560 5
ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables
ip_conntrack 53400 3 iptable_tproxy,iptable_nat,ip_nat
The internet works, but the browsing is dead slow. Temporarily we have
bypassed squid to browse the net.
Thanks
VK
-----Original Message-----
From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
To: viveksnv@xxxxxx
Cc: squid3@xxxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx
Sent: Thu, 8 Jan 2009 12:05 am
Subject: Re: WCCP configuration
ons 2009-01-07 klockan 08:46 -0500 skrev viveksnv@xxxxxx:
wccp2_router xxx.xx.xxx.xxx
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
Router Eth0 - connected to lan. Eth1 - connecte to squid.
Have you also configured
* A loopback address on the router, giving it a easily identified router
ID
* the required GRE/WCCP tunnel interface on the Squid server
* disabled rp_filter on the above GRE/WCCP interface.
* And adjusted the REDIRECT/NAT rules to act on traffic received on the
GRE/WCCP interface configured above?
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 11336
Process: 0
Fast: 0
CEF: 11336
Looks fine.
Is there any simple way of configuring WCCP. We have beating round
the
bush all day long to configure wccp.
WCCP as such is configured. But something is missing in the interception
at the proxy. Most likely the GRE interface mentioned above.
Regards
Henrik
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in <http://webmail.aol.in/>
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
Current Beta Squid 3.1.0.3
