Re: Cisco with WCCP!! newbie here..

["Roland Roland" <R_O_L_A_N_D@xxxxxxxxxxx>]

hello :)
I've took a break of working live on squid and started reading more about it 
to see what I'm getting myself into..
I managed to get the router and squid to see each other and troubleshoot the 
GRE tunnel..
sh ip wccp shows hits.. but when I check the access.log and cache.log of 
squid I  see nothing..
any idea what might be causing this?
heres the output of router debug:


6 17:10:14.012: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000020
6 17:10:14.012: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000021
6 17:10:14.016: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000020
6 17:10:14.016: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000021
6 17:10:31.504: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000021
6 17:10:31.504: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000022
6 17:10:31.508: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000021
6 17:10:31.508: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000022
6 17:10:48.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000022
6 17:10:48.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000023
6 17:10:48.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000022
6 17:10:48.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000023
6 17:11:03.656: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000023
6 17:11:03.656: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000024
6 17:11:03.656: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000023
6 17:11:03.656: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000024
6 17:11:17.056: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000024
6 17:11:17.056: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000025
6 17:11:17.060: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000024
6 17:11:17.060: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000025
6 17:11:28.060: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000025
6 17:11:28.060: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000026
6 17:11:28.064: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000025
6 17:11:28.064: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000026
6 17:11:42.904: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000026
6 17:11:42.904: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000027
6 17:11:42.904: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000026
6 17:11:42.904: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000027
6 17:11:56.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000027
6 17:11:56.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000028
6 17:11:56.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000027
6 17:11:56.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000028
6 17:12:11.392: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000028
6 17:12:11.392: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000029
6 17:12:11.392: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000028
6 17:12:11.392: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 00000029
6 17:12:22.960: WCCP-PKT:D90: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000029
6 17:12:22.960: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 0000002A
6 17:12:22.968: WCCP-PKT:D80: Received valid Here_I_Am packet from 
192.168.0.2 w/rcv_id 00000029
6 17:12:22.968: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ 
rcv_id 0000002A



CME-Router#sh ip wccp
Global WCCP information:
   Router information:
       Router Identifier:                   172.16.50.54
       Protocol Version:                    2.0

   Service Identifier: web-cache
       Number of Service Group Clients:     0
       Number of Service Group Routers:     0
       Total Packets s/w Redirected:        0
         Process:                           0
         Fast:                              0
         CEF:                               0
       Redirect access-list:                198
       Total Packets Denied Redirect:       0
       Total Packets Unassigned:            0
       Group access-list:                   -none-
       Total Messages Denied to Group:      0
       Total Authentication failures:       0
       Total Bypassed Packets Received:     0

   Service Identifier: 80
       Number of Service Group Clients:     1
       Number of Service Group Routers:     1
       Total Packets s/w Redirected:        4475
         Process:                           0
         Fast:                              0
         CEF:                               4475
       Redirect access-list:                198
       Total Packets Denied Redirect:       0
       Total Packets Unassigned:            1853
       Group access-list:                   -none-
       Total Messages Denied to Group:      0
       Total Authentication failures:       0
       Total Bypassed Packets Received:     0

   Service Identifier: 90
       Number of Service Group Clients:     1
       Number of Service Group Routers:     1
       Total Packets s/w Redirected:        0
         Process:                           0
         Fast:                              0
         CEF:                               0
       Redirect access-list:                198
       Total Packets Denied Redirect:       0
       Total Packets Unassigned:            1369
       Group access-list:                   -none-
       Total Messages Denied to Group:      0
       Total Authentication failures:       0
       Total Bypassed Packets Received:     0




--------------------------------------------------
From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
Sent: Tuesday, December 23, 2008 8:10 AM
To: "Roland Roland" <R_O_L_A_N_D@xxxxxxxxxxx>
Subject: RE:  Cisco with WCCP!! newbie here..

> Sorry for the dely in getting back to you.
>
>
> Ok....first manually check that squid is working properly. Do this by 
> configuring the proxy server settings of the client browser manually to 
> point to the IP of the squid server and the non-redirected port number of 
> 3128 (if you are using the redirection iptables rules. This will seperate 
> WCCP and iptables from squid operation. If the squid access log show 
> traffic and the web browser is getting pages, switch the port number to 
> port 80 on the web browser setup, this will verify iptables redirection 
> functionality.
>
> If the second test fails, do a "lsmod | grep tproxy" and see if something 
> like "xt_tproxy" shows up, also check the squid access log and see if it 
> is the case that squid sees the client request pages, and squid is 
> fetching them...it is possible that squid sees the request and is fetching 
> but not getting the data back to the client.
>
> Also, check to see if the router is seeing the squid server. Do this by 
> doing a "sh ip wccp" in the router and see if the client/server groups are 
> greater than 0.
>
> Let me know what you see,.....we can coordinate an real-time chat sometime 
> too.
>
> Nick
>
> ________________________________
>
> From: Roland Roland [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> Sent: Sun 12/21/2008 3:13 PM
> To: Ritter, Nicholas
> Subject: Re:  Cisco with WCCP!! newbie here..
>
>
>
> Hello :)
> I gave up!
> wccp isnt working with me...
> I've tried everything you asked me to do..
> and a few more tutorials from the net..
> NOTHING's working!!
>
> help!
>
> --------------------------------------------------
> From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> Sent: Tuesday, December 16, 2008 11:27 PM
> To: <R_O_L_A_N_D@xxxxxxxxxxx>
> Subject: RE:  Cisco with WCCP!! newbie here..
>
> > Your squid.conf is missing "cache_dir" statements to tell it where to put
> > HTTP items it is caching. For squid setup you may need to review the
> > docs/wiki or use the information contained in the squid config file.
> >
> > As for the IPtables issiue, I can't help you with that without seeing the
> > error it is spitting out, and seeing the contents of
> > "/etc/sysconfig/iptables".
> >
> > Did the gre0 interface setup work?
> >
> > Nick
> >
> > ________________________________
> >
> > From: R_O_L_A_N_D@xxxxxxxxxxx [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> > Sent: Tue 12/16/2008 2:17 PM
> > To: Ritter, Nicholas
> > Subject: Re:  Cisco with WCCP!! newbie here..
> >
> >
> >
> > I really cant begin to thank you for all of the help you provided so 
> > far..
> > but am afraid I have to bother you one more time if possible!
> >
> > I followed your instructions one by one, but I still am facing probs.. on
> > booting I get a prob in iptables reading line1..
> > here's my squid.conf:  http://pastebin.com/m401b5e09
> > and below is the debugging output:
> >
> >
> >
> > [root@localhost ~]# squid -NCd10
> > 2008/12/16 09:14:19| Starting Squid Cache version 2.6.STABLE6 for
> > i686-redhat-linux-gnu...
> > 2008/12/16 09:14:19| Process ID 5099
> > 2008/12/16 09:14:19| With 1024 file descriptors available
> > 2008/12/16 09:14:19| Using epoll for the IO loop
> > 2008/12/16 09:14:19| Performing DNS Tests...
> > 2008/12/16 09:14:19| Successful DNS name lookup tests...
> > 2008/12/16 09:14:19| DNS Socket created at 0.0.0.0, port 32770, FD 5
> > 2008/12/16 09:14:19| Adding nameserver 198.6.1.5 from /etc/resolv.conf
> > 2008/12/16 09:14:19| Adding nameserver 4.2.2.2 from /etc/resolv.conf
> > 2008/12/16 09:14:19| Adding domain localdomain from /etc/resolv.conf
> > 2008/12/16 09:14:19| User-Agent logging is disabled.
> > 2008/12/16 09:14:19| Referer logging is disabled.
> > 2008/12/16 09:14:19| Unlinkd pipe opened on FD 10
> > 2008/12/16 09:14:19| Swap maxSize 102400 KB, estimated 7876 objects
> > 2008/12/16 09:14:19| Target number of buckets: 393
> > 2008/12/16 09:14:19| Using 8192 Store buckets
> > 2008/12/16 09:14:19| Max Mem  size: 8192 KB
> > 2008/12/16 09:14:19| Max Swap size: 102400 KB
> > 2008/12/16 09:14:19| Local cache digest enabled; rebuild/rewrite every
> > 3600/3600 sec
> > 2008/12/16 09:14:19| Rebuilding storage in /var/spool/squid (CLEAN)
> > 2008/12/16 09:14:19| Using Least Load store dir selection
> > 2008/12/16 09:14:19| Set Current Directory to /var/spool/squid
> > 2008/12/16 09:14:19| Loaded Icons.
> > 2008/12/16 09:14:19| Accepting transparently proxied HTTP connections at
> > 0.0.0.0, port 3128, FD 12.
> > 2008/12/16 09:14:19| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
> > 2008/12/16 09:14:19| WCCP Disabled.
> > 2008/12/16 09:14:19| Accepting WCCPv2 messages on port 2048, FD 14.
> > 2008/12/16 09:14:19| Initialising all WCCPv2 lists
> > 2008/12/16 09:14:19| Ready to serve requests.
> > 2008/12/16 09:14:19| Done reading /var/spool/squid swaplog (0 entries)
> > 2008/12/16 09:14:19| Finished rebuilding storage from disk.
> > 2008/12/16 09:14:19|         0 Entries scanned
> > 2008/12/16 09:14:19|         0 Invalid entries.
> > 2008/12/16 09:14:19|         0 With invalid flags.
> > 2008/12/16 09:14:19|         0 Objects loaded.
> > 2008/12/16 09:14:19|         0 Objects expired.
> > 2008/12/16 09:14:19|         0 Objects cancelled.
> > 2008/12/16 09:14:19|         0 Duplicate URLs purged.
> > 2008/12/16 09:14:19|         0 Swapfile clashes avoided.
> > 2008/12/16 09:14:19|   Took 0.6 seconds (   0.0 objects/sec).
> > 2008/12/16 09:14:19| Beginning Validation Procedure
> > 2008/12/16 09:14:19|   Completed Validation Procedure
> > 2008/12/16 09:14:19|   Validated 0 Entries
> > 2008/12/16 09:14:19|   store_swap_size = 0k
> > 2008/12/16 09:14:20| storeLateRelease: released 0 objects
> >
> > --------------------------------------------------
> > From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > Sent: Tuesday, December 16, 2008 5:17 PM
> > To: "Roland Roland" <R_O_L_A_N_D@xxxxxxxxxxx>
> > Subject: RE:  Cisco with WCCP!! newbie here..
> >
> > > ok....given what you have presented to me below, your setup should not 
> > > be
> > > working yet. It looks like there are several things that still need to 
> > > be
> > > done.
> > >
> > > 1) In squid.conf add:
> > >
> > > wccp2_router 192.168.0.1
> > > wccp_version 4
> > > wccp2_rebuild_wait on
> > > wccp2_forwarding_method 1
> > > wccp2_return_method 1
> > > wccp2_assignment_method 1
> > > wccp2_service dynamic 80
> > > wccp2_service dynamic 90
> > > wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
> > > ports=80
> > > wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
> > > priority=240 ports=80
> > >
> > > 2) In "/etc/sysconfig/iptables" add:
> > >
> > > -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
> > > 3128
> > > -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
> > > 3128
> > >
> > > 3) issue command: "modprobe ip_gre"
> > > 4) issue command: "lsmod | grep gre" and make sure "ip_gre" is returned.
> > > 5) ifconfig gre0 192.168.0.7 netmask 255.255.255.0 up
> > > 6) issue command: "service iptables condrestart"
> > > 7) In your router do the following:
> > >
> > > global command: ip wccp web-cache
> > > On the interface which binds 192.168.0.1:
> > >
> > > ip wccp 80 redirect in
> > > ip wccp 90 redirect out
> > >
> > >
> > > 8) Issue (on the centos box): service squid restart
> > > 9) Wait 2 minutes, then on the router: "sh ip wccp" look for:
> > >
> > > Service Identifier: 80
> > >        Number of Service Group Clients:     1
> > >        Number of Service Group Routers:     1
> > >
> > > and:
> > >
> > >    Service Identifier: 90
> > >        Number of Service Group Clients:     1
> > >        Number of Service Group Routers:     1
> > >
> > >
> > >
> > >
> > > ________________________________
> > >
> > > From: Roland Roland [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> > > Sent: Mon 12/15/2008 5:34 PM
> > > To: Ritter, Nicholas
> > > Subject: Re:  Cisco with WCCP!! newbie here..
> > >
> > >
> > >
> > > Hi yes I admit, ubuntu has been much easier, but nonetheless im starting
> > > to
> > > enjoy centos! has lots of command line features missing in ubuntu..
> > >
> > > anyway here's  what you asked for:
> > >
> > > 1) Are you using a loopback interface in the router?
> > > No, am not.
> > >
> > > 2) What is the IP of the centos server, a client machine, and the 
> > > router.
> > > Centos: 192.168.0.7
> > > Client machine: 192.168.0.2
> > > Router: 192.168.0.1
> > >
> > > 3) The output of "service iptables status"
> > >
> > >
> > > [root@localhost squid]# service iptables status
> > > Table: nat
> > > Chain PREROUTING (policy ACCEPT)
> > > num  target     prot opt source               destination
> > >
> > > Chain POSTROUTING (policy ACCEPT)
> > > num  target     prot opt source               destination
> > > 1    MASQUERADE  all  --  192.168.122.0/24     0.0.0.0/0
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > num  target     prot opt source               destination
> > >
> > > Table: filter
> > > Chain INPUT (policy ACCEPT)
> > > num  target     prot opt source               destination
> > > 1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> > > dpt:53
> > > 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > > dpt:53
> > > 3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> > > dpt:67
> > > 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > > dpt:67
> > > 5    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> > >
> > > Chain FORWARD (policy ACCEPT)
> > > num  target     prot opt source               destination
> > > 1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
> > > RELATED,ESTABLISHED
> > > 2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> > > 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> > > 4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> > > reject-with icmp-port-unreachable
> > > 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> > > reject-with icmp-port-unreachable
> > > 6    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > num  target     prot opt source               destination
> > >
> > > Chain RH-Firewall-1-INPUT (2 references)
> > > num  target     prot opt source               destination
> > > 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> > > 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp
> > > type
> > > 255
> > > 3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
> > > 4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
> > > 5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp
> > > dpt:5353
> > > 6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> > > dpt:631
> > > 7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > > dpt:631
> > > 8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
> > > RELATED,ESTABLISHED
> > > 9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> > > NEW
> > > tcp dpt:22
> > > 10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> > > NEW
> > > tcp dpt:80
> > > 11   REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> > > reject-with icmp-host-prohibited
> > >
> > >
> > >
> > >
> > >
> > > 4) The output of "lsmod"
> > >
> > >
> > > Module                  Size  Used by
> > > netloop                10945  0
> > > netbk                  78145  0 [permanent]
> > > blktap                115941  2 [permanent]
> > > blkbk                  22241  0 [permanent]
> > > ipt_MASQUERADE          7617  1
> > > iptable_nat            11205  1
> > > ip_nat                 21101  2 ipt_MASQUERADE,iptable_nat
> > > bridge                 53853  0
> > > autofs4                24389  2
> > > hidp                   23105  2
> > > rfcomm                 42457  0
> > > l2cap                  29505  10 hidp,rfcomm
> > > bluetooth              53797  5 hidp,rfcomm,l2cap
> > > sunrpc                144893  1
> > > ip_conntrack_netbios_ns     6977  0
> > > ipt_REJECT              9537  3
> > > xt_state                6208  4
> > > ip_conntrack           53025  5
> > > ipt_MASQUERADE,iptable_nat,ip_nat,ip_conntrack_netbios_ns,xt_state
> > > nfnetlink              10713  2 ip_nat,ip_conntrack
> > > iptable_filter          7105  1
> > > ip_tables              17029  2 iptable_nat,iptable_filter
> > > ip6t_REJECT             9409  1
> > > xt_tcpudp               7105  16
> > > ip6table_filter         6849  1
> > > ip6_tables             18053  1 ip6table_filter
> > > x_tables               17349  8
> > > ipt_MASQUERADE,iptable_nat,ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
> > > dm_multipath           22089  0
> > > video                  21193  0
> > > sbs                    18533  0
> > > backlight              10049  1 video
> > > i2c_ec                  9025  1 sbs
> > > button                 10705  0
> > > battery                13637  0
> > > asus_acpi              19289  0
> > > ac                      9157  0
> > > ipv6                  258401  15 ip6t_REJECT
> > > xfrm_nalgo             13765  1 ipv6
> > > crypto_api             11969  1 xfrm_nalgo
> > > lp                     15849  0
> > > floppy                 54949  0
> > > i2c_piix4              12237  0
> > > pcnet32                36805  0
> > > pcspkr                  7105  0
> > > i2c_core               23745  2 i2c_ec,i2c_piix4
> > > mii                     9409  1 pcnet32
> > > serio_raw              10693  0
> > > ide_cd                 40033  0
> > > parport_pc             29157  1
> > > cdrom                  36705  1 ide_cd
> > > serial_core            23617  0
> > > parport                37641  2 lp,parport_pc
> > > dm_snapshot            21477  0
> > > dm_zero                 6209  0
> > > dm_mirror              29381  0
> > > dm_mod                 61405  9
> > > dm_multipath,dm_snapshot,dm_zero,dm_mirror
> > > ata_piix               22341  0
> > > libata                144637  1 ata_piix
> > > sd_mod                 24897  0
> > > scsi_mod              134861  2 libata,sd_mod
> > > ext3                  123593  2
> > > jbd                    56553  1 ext3
> > > uhci_hcd               25677  0
> > > ohci_hcd               23517  0
> > > ehci_hcd               33741  0
> > >
> > >
> > >
> > > 5) The output of "ifconfig"
> > >
> > > eth0      Link encap:Ethernet  HWaddr 00:0C:29:C8:8E:D5
> > >          inet addr:192.168.146.132  Bcast:192.168.146.255
> > > Mask:255.255.255.0
> > >          inet6 addr: fe80::20c:29ff:fec8:8ed5/64 Scope:Link
> > >          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > >          RX packets:1787 errors:0 dropped:0 overruns:0 frame:0
> > >          TX packets:1444 errors:0 dropped:0 overruns:0 carrier:0
> > >          collisions:0 txqueuelen:0
> > >          RX bytes:1754176 (1.6 MiB)  TX bytes:89731 (87.6 KiB)
> > >
> > > lo        Link encap:Local Loopback
> > >          inet addr:127.0.0.1  Mask:255.0.0.0
> > >          inet6 addr: ::1/128 Scope:Host
> > >          UP LOOPBACK RUNNING  MTU:16436  Metric:1
> > >          RX packets:2819 errors:0 dropped:0 overruns:0 frame:0
> > >          TX packets:2819 errors:0 dropped:0 overruns:0 carrier:0
> > >          collisions:0 txqueuelen:0
> > >          RX bytes:6214808 (5.9 MiB)  TX bytes:6214808 (5.9 MiB)
> > >
> > > peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
> > >          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
> > >          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
> > >          RX packets:1790 errors:0 dropped:0 overruns:0 frame:0
> > >          TX packets:1510 errors:0 dropped:0 overruns:0 carrier:0
> > >          collisions:0 txqueuelen:1000
> > >          RX bytes:1754743 (1.6 MiB)  TX bytes:101982 (99.5 KiB)
> > >          Interrupt:16 Base address:0x1080
> > >
> > > vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
> > >          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
> > >          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
> > >          RX packets:1444 errors:0 dropped:0 overruns:0 frame:0
> > >          TX packets:1787 errors:0 dropped:0 overruns:0 carrier:0
> > >          collisions:0 txqueuelen:0
> > >          RX bytes:89731 (87.6 KiB)  TX bytes:1754176 (1.6 MiB)
> > >
> > > virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
> > >          inet addr:192.168.122.1  Bcast:192.168.122.255
> > > Mask:255.255.255.0
> > >          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
> > >          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > >          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > >          TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
> > >          collisions:0 txqueuelen:0
> > >          RX bytes:0 (0.0 b)  TX bytes:11976 (11.6 KiB)
> > >
> > > xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
> > >          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
> > >          RX packets:40 errors:0 dropped:0 overruns:0 frame:0
> > >          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> > >          collisions:0 txqueuelen:0
> > >          RX bytes:10537 (10.2 KiB)  TX bytes:0 (0.0 b)
> > >
> > >
> > >
> > > 6) The output from the router of the command: "sho ip wccp"
> > >
> > >
> > > omega#sh ip wccp
> > > Global WCCP information:
> > >    Router information:
> > >        Router Identifier:                   X.X.X.X (interface facing 
> > > the
> > > internet/Public ip)
> > >        Protocol Version:                    2.0
> > >
> > >    Service Identifier: web-cache
> > >        Number of Service Group Clients:     0
> > >        Number of Service Group Routers:     0
> > >        Total Packets s/w Redirected:        0
> > >          Process:                           0
> > >          Fast:                              0
> > >          CEF:                               0
> > >        Redirect access-list:                -none-
> > >        Total Packets Denied Redirect:       0
> > >        Total Packets Unassigned:            0
> > >        Group access-list:                   -none-
> > >        Total Messages Denied to Group:      0
> > >        Total Authentication failures:       0
> > >        Total Bypassed Packets Received:     0
> > >
> > >
> > > as for squid.conf, no I havent changed anything but these two:
> > > access list to allow my network
> > > http_access allowing that ACL.
> > >
> > >
> > > PS: I'm currently using a virtual machine, which is why you'll notice 
> > > the
> > > masquarading part. it's nated to my WIFI interface.
> > > once  our setup is up and running I'll move set it all up again on a
> > > server.. thought you should know :)
> > >
> > >
> > > --------------------------------------------------
> > > From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > > Sent: Monday, December 15, 2008 11:52 PM
> > > To: "Roland Roland" <R_O_L_A_N_D@xxxxxxxxxxx>
> > > Subject: RE:  Cisco with WCCP!! newbie here..
> > >
> > > > Ubuntu configures Squid more out of the box then CentOS does, which is
> > > > why
> > > > the HTTP browsing should not be working yet.
> > > >
> > > > telnet should be disabled altogether, but only in the sense of a
> > > > telnet-transport based terminal server (ie: telnetting into the centos
> > > > server to get a command shell.)
> > > >
> > > > Can you list the following:
> > > >
> > > > 1) Are you using a loopback interface in the router?
> > > > 2) What is the IP of the centos server, a client maching, and the
> > > > router.
> > > > 3) The output of "service iptables status"
> > > > 4) The output of "lsmod"
> > > > 5) The output of "ifconfig"
> > > > 6) The output from the router of the command: "sho ip wccp"
> > > >
> > > >
> > > > With the above information, I think I can straighten this out for you.
> > > > Also, did you edit the squid config file other than the "MyNet" acl and
> > > > "http_access"?
> > > >
> > > > ________________________________
> > > >
> > > > From: Roland Roland [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> > > > Sent: Mon 12/15/2008 3:21 PM
> > > > To: Ritter, Nicholas
> > > > Subject: Re:  Cisco with WCCP!! newbie here..
> > > >
> > > >
> > > >
> > > > ya I guess so..
> > > > but is it a firewall issue? because I could perfeclty telnet to it 
> > > > doing
> > > > as
> > > > such :
> > > >
> > > > telnet 192.168.0.7 3128
> > > >
> > > > and a session opens up normaly (this is my current centos)
> > > > but I cant browse or use it as a proxy
> > > >
> > > > --------------------------------------------------
> > > > From: "Ritter, Nicholas" <nicholas.ritter@xxxxxxxxxxxxxx>
> > > > Sent: Monday, December 15, 2008 11:18 PM
> > > > To: "Roland Roland" <R_O_L_A_N_D@xxxxxxxxxxx>
> > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > >
> > > > > Telnet or ssh?
> > > > >
> > > > > This is why I have issues with ubuntu. Sure things work, but often at
> > > > > the
> > > > > expense of security.
> > > > >
> > > > > Sent from my Windows Mobile® phone.
> > > > >
> > > > > -----Original Message-----
> > > > > From: Roland Roland <R_O_L_A_N_D@xxxxxxxxxxx>
> > > > > Sent: Monday, December 15, 2008 3:02 PM
> > > > > To: Ritter, Nicholas <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > > > > Subject: Re:  Cisco with WCCP!! newbie here..
> > > > >
> > > > > I can't believe I got back to worse than I first started!!!
> > > > >
> > > > > I can't seem to use squid now.
> > > > > I simply installed it with yum install squid on centos 5.2
> > > > >
> > > > > and added:
> > > > > acl MyNet src 192.168.0.0/24
> > > > > http_access allow MyNet
> > > > >
> > > > > that's wht I did when I frst installed it on ubuntu and it worked back
> > > > > then..!
> > > > >
> > > > > now on centos, I could telnet from outside to my box (that means it
> > > > > opened
> > > > > tht port on the firewall)
> > > > > but nothing is returned!
> > > > > heres the output of firefox when I try to open any site to test using
> > > > > my
> > > > > squid's IP/port:
> > > > >
> > > > > Connection Interrupted
> > > > > connection to the server was reset while the page was loading.
> > > > > The network link was interrupted while negotiating a connection. 
> > > > > Please
> > > > > try
> > > > > again.
> > > > >
> > > > > any advice on what might be the prob ?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --------------------------------------------------
> > > > > From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > > > > Sent: Monday, December 15, 2008 4:50 PM
> > > > > To: "Roland Roland" <R_O_L_A_N_D@xxxxxxxxxxx>
> > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > >
> > > > > > Here are some items that will need to be accomplisted:
> > > > > >
> > > > > > 1) you will need to configure iptables to redirect port 80 traffic to
> > > > > > 3128
> > > > > > 2) Setup a GRE tunnel interface between the squid box, and the 
> > > > > > router.
> > > > > > 3) configure WCCP on the router
> > > > > > 4) Edit the squid.conf config file for the squid server.
> > > > > >
> > > > > >
> > > > > > With step 1, this step is largly depending on if you are ok with
> > > > > > running
> > > > > > the squid server on port 80 or not. If you choose to run the squid
> > > > > > server
> > > > > > on port 80, you still need to edit iptables rules to allow port 80
> > > > > > connections.
> > > > > >
> > > > > > Reference the following squid-cache.org wiki articles. And let me 
> > > > > > know
> > > > > > where I can fill in information and specific steps to help you get up
> > > > > > and
> > > > > > running:
> > > > > >
> > > > > > http://wiki.squid-cache.org/ConfigExamples/Wccp2AndNat
> > > > > > http://wiki.squid-cache.org/ConfigExamples/SquidAndWccp2
> > > > > >
> > > > > > Create and bring up the GRE interface:
> > > > > >
> > > > > > modprobe ip_gre
> > > > > > ifconfig gre0 <address of squid server (duplicate of the eth0
> > > > > > interface
> > > > > > address)> netmask 255.255.255.0 up
> > > > > >
> > > > > > If the above commands don't give errors, you can add them to
> > > > > > "/etc/rc.d/init.d/rc.local" so that get done at each boot up.
> > > > > >
> > > > > >
> > > > > >
> > > > > > For the GRE tunnel rules for iptables, you will need something like
> > > > > > (add
> > > > > > to /etc/sysconfig/iptables, then "service iptables condrestart"):
> > > > > >
> > > > > > iptables -A INPUT -i gre0 -j ACCEPT iptables -A INPUT -i gre0 -j
> > > > > > ACCEPT
> > > > > >
> > > > > > iptables -A INPUT -p gre -j ACCEPT
> > > > > > iptables -A RH-Firewall-1-INPUT -s <address of router>/32 -p udp -m
> > > > > > udp --dport 2048 -j ACCEPT
> > > > > >
> > > > > > The first to rules allow gre protocol, and traffic onthe gre
> > > > > > interface,
> > > > > > the second rule allows WCCP control traffic.
> > > > > > ________________________________
> > > > > >
> > > > > > From: Roland Roland [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> > > > > > Sent: Sun 12/14/2008 3:17 PM
> > > > > > To: Ritter, Nicholas
> > > > > > Subject: Re:  Cisco with WCCP!! newbie here..
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hey :)
> > > > > > I just installed centos 5.2 out of dvd with desktop-gnome.
> > > > > > and followed the instructions u've specified as well as installed
> > > > > > squid
> > > > > > using "yum install squid" and backed up squid.conf to desktop.
> > > > > > now what are the steps you want me to follow..
> > > > > >
> > > > > > thanks in advance,
> > > > > >
> > > > > > Roland
> > > > > >
> > > > > > --------------------------------------------------
> > > > > > From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > > > > > Sent: Friday, December 12, 2008 6:58 PM
> > > > > > To: <R_O_L_A_N_D@xxxxxxxxxxx>
> > > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > > >
> > > > > > > with the netinstall, the http url is tricky...but doable. The DVD
> > > > > > > works
> > > > > > > the best regardless. IM'ing would work better, I just don't have an
> > > > > > > IM
> > > > > > > client installed. I have an IRC client installed....or...now that I
> > > > > > > think
> > > > > > > about it...I have a gmail account....could use gmail IM...never done
> > > > > > > it
> > > > > > > though.
> > > > > > >
> > > > > > > Nick
> > > > > > >
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: R_O_L_A_N_D@xxxxxxxxxxx [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> > > > > > > Sent: Fri 12/12/2008 9:45 AM
> > > > > > > To: Ritter, Nicholas
> > > > > > > Subject: Re:  Cisco with WCCP!! newbie here..
> > > > > > >
> > > > > > > hey :) am downloading the DVD release just now..
> > > > > > > half way through!
> > > > > > > I got the netinstall image, burned it and gave the HTTP option a 
> > > > > > > try,
> > > > > > > it
> > > > > > > gets stuck on image retrieval..
> > > > > > >
> > > > > > > I guess the DVD image would be done soon enough, I'm going to 
> > > > > > > install
> > > > > > > it
> > > > > > > on
> > > > > > > a virtual machine in order to test, and if everything is setup
> > > > > > > smoothly
> > > > > > > (centos/squid) I'll proceed with the squid configuration depending 
> > > > > > > on
> > > > > > > your
> > > > > > > advice..
> > > > > > >
> > > > > > > if you don't mind is there a sort of IM I could contact you on? or
> > > > > > > you
> > > > > > > prefer to keep it over here..?
> > > > > > >
> > > > > > > --------------------------------------------------
> > > > > > > From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > > > > > > Sent: Friday, December 12, 2008 4:51 PM
> > > > > > > To: <R_O_L_A_N_D@xxxxxxxxxxx>
> > > > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > > > >
> > > > > > > > Sure.
> > > > > > > >
> > > > > > > > I never use the live cd for installs, always other the DVD, or
> > > > > > > > netinstall
> > > > > > > > cd.
> > > > > > > >
> > > > > > > > Make sure you do a minimal install. Don't install any of the 
> > > > > > > > package
> > > > > > > > groups, although it won't hurt if you do.
> > > > > > > >
> > > > > > > > If you have never installed CentOS before, let me know if you have
> > > > > > > > questions, but after the initial install and boot up, you will be
> > > > > > > > presented with a semi-graphical (ncurses) interface that has a menu
> > > > > > > > and
> > > > > > > > items on it for configuring running services, firewall, network,
> > > > > > > > etc.
> > > > > > > > You
> > > > > > > > want to make sure the box has a static IP (a private ip behind the
> > > > > > > > NAT
> > > > > > > > GW
> > > > > > > > is fine.) In the "Firewall configuration", set the "Security Level"
> > > > > > > > to
> > > > > > > > "Enabled" and "SELinux" to "Permissive". In "System Services",
> > > > > > > > disable
> > > > > > > > any
> > > > > > > > service that contains "sendmail", and/or "rpc", and/or "nfs".
> > > > > > > >
> > > > > > > > If you don't get to a menu, or want to go back to it, just type
> > > > > > > > "setup"
> > > > > > > > at
> > > > > > > > the root CLI prompt.
> > > > > > > >
> > > > > > > > Note: step 1 and 2 are separate for a reason, as it will produce 
> > > > > > > > the
> > > > > > > > most
> > > > > > > > effect way of accomplishing specific goals for updating software.
> > > > > > > >
> > > > > > > > 1) run (as root): yum update yum rpm python
> > > > > > > > - this will update yum, rpm, and python
> > > > > > > > - you will be asked to confirm selections, just type: y
> > > > > > > > - you will be asked to import an GPG signing key, just type: y
> > > > > > > >
> > > > > > > > 2) run (as root): yum update
> > > > > > > > - this will update the rest of the software packages on the system
> > > > > > > > - you will be asked to confirm selections, just type: y
> > > > > > > >
> > > > > > > > 3) reboot
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: R_O_L_A_N_D@xxxxxxxxxxx [mailto:R_O_L_A_N_D@xxxxxxxxxxx]
> > > > > > > > Sent: Fri 12/12/2008 7:55 AM
> > > > > > > > To: Ritter, Nicholas
> > > > > > > > Subject: Re:  Cisco with WCCP!! newbie here..
> > > > > > > >
> > > > > > > > Hi :)
> > > > > > > > I'm having a bit of trouble installing centos from the lvie cd..
> > > > > > > > am downloading  at the moment.. centos dvd..
> > > > > > > >
> > > > > > > > in the meantime could you provide any sort of step that youd like 
> > > > > > > > me
> > > > > > > > to
> > > > > > > > do..!
> > > > > > > > since im going to install squid over centos I guess your already
> > > > > > > > familiar
> > > > > > > > with all the steps?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --------------------------------------------------
> > > > > > > > From: "Ritter, Nicholas" <Nicholas.Ritter@xxxxxxxxxxxxxx>
> > > > > > > > Sent: Friday, December 12, 2008 1:54 AM
> > > > > > > > To: "RoLaNd RoLaNd" <r_o_l_a_n_d@xxxxxxxxxxx>
> > > > > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > > > > >
> > > > > > > > > > > hey :) i cant begin to thank you for your help..
> > > > > > > > >
> > > > > > > > > No prob...I know what it is like to want to accomplish something
> > > > > > > > > and
> > > > > > > > > needing help.
> > > > > > > > >
> > > > > > > > > > > 1) i dont think that would make a difference (correct me if im
> > > > > > > > > > > wrong)
> > > > > > > > > > > since the destination would only see my router's public ip!
> > > > > > > > > > > unless if theres something i'm not familiar with please do advise
> > > > > > > > > > > me
> > > > > > > > > > > whts
> > > > > > > > > > > the best course of action..
> > > > > > > > >
> > > > > > > > > If you are NATing to the Internet, than you are correct and you
> > > > > > > > > don't
> > > > > > > > > need
> > > > > > > > > client spoofing...which is good because it is easier to do.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > > 2)  Version 12.4(17b), RELEASE SOFTWARE (fc2) Cisco 2811 
> > > > > > > > > > > (revision
> > > > > > > > > > > 53.51
> > > > > > > > >
> > > > > > > > > Cisco IOS has been buggy at times with the WCCP feature. Make sure
> > > > > > > > > you
> > > > > > > > > are
> > > > > > > > > running something in the T release train. Do you have access to 
> > > > > > > > > the
> > > > > > > > > IOS
> > > > > > > > > downloads on Cisco.com?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > > as for the rest, well my squid isnt active, so i dont have a
> > > > > > > > > > > problem
> > > > > > > > > > > installing CENTOS and squid again on on my box if that would help
> > > > > > > > > > > me
> > > > > > > > > > > reach >>my goal..
> > > > > > > > > > > i never used centos before! i'm only familiar with Ubuntu and
> > > > > > > > > > > fedora.
> > > > > > > > > > > but
> > > > > > > > > > > i do have one of it's images ( CentOS-5.1-i386-LiveCD )
> > > > > > > > > > > would this do?! i'll format with it and install squid on it..
> > > > > > > > >
> > > > > > > > > Get the netinstall ISO and do a minimal install and I would say
> > > > > > > > > that
> > > > > > > > > you
> > > > > > > > > could install the squid that comes with the CentOS 5.2 distro, or
> > > > > > > > > we
> > > > > > > > > can
> > > > > > > > > custom build it. After install, do a "yum update"
> > > > > > > > >
> > > > > > > > > > > do u have a specific squid version ud like to advise me with ?! 
> > > > > > > > > > > or
> > > > > > > > > > > anything i should do before installign it ?
> > > > > > > > >
> > > > > > > > > The latest 2.6STABLE release is fine.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > > > > > > > Date: Thu, 11 Dec 2008 13:37:36 -0600
> > > > > > > > > > From: Nicholas.Ritter@xxxxxxxxxxxxxx
> > > > > > > > > > To: r_o_l_a_n_d@xxxxxxxxxxx
> > > > > > > > > >
> > > > > > > > > > Here are a few questions:
> > > > > > > > > >
> > > > > > > > > > 1) Do you want transparent redirection via WCCP with or without
> > > > > > > > > > the
> > > > > > > > > > remote website seeing the client machine IP?
> > > > > > > > > > 2) What IOS feature set and version/revision are you using on the
> > > > > > > > > > 2811
> > > > > > > > > > router? (WCCP support is buggy depending on the revision level.)
> > > > > > > > > > 3) Which version of Squid are you running?
> > > > > > > > > > 4) Which version of Linux kernel are you running?
> > > > > > > > > >
> > > > > > > > > > On you ubuntu box, run "insmod gre" then "lsmod" and see if the
> > > > > > > > > > gre
> > > > > > > > > > module loads, if you get an error, try "insmod ip_gre" instead.
> > > > > > > > > >
> > > > > > > > > > I can help you more if you are using CentOS 5.2 rather than
> > > > > > > > > > Ubuntu.
> > > > > > > > > > With
> > > > > > > > > > ubuntu, I can't give you all of the specific command lines with
> > > > > > > > > > arguments, etc.
> > > > > > > > > >
> > > > > > > > > > Nick
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: RoLaNd RoLaNd [mailto:r_o_l_a_n_d@xxxxxxxxxxx]
> > > > > > > > > > Sent: Thu 12/11/2008 1:28 PM
> > > > > > > > > > To: nicholas.ritter@xxxxxxxxxxxxxx
> > > > > > > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Hi Nicholas,
> > > > > > > > > >
> > > > > > > > > > thanks for replying so soon...
> > > > > > > > > >
> > > > > > > > > > is there anything specific you'd like to know about my topology 
> > > > > > > > > > in
> > > > > > > > > > order
> > > > > > > > > > for u to help out?!
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > Date: Thu, 11 Dec 2008 13:21:12 -0600
> > > > > > > > > > > From: Nicholas.Ritter@xxxxxxxxxxxxxx
> > > > > > > > > > > To: r_o_l_a_n_d@xxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx
> > > > > > > > > > > Subject: RE:  Cisco with WCCP!! newbie here..
> > > > > > > > > > >
> > > > > > > > > > > I can help you out with this as needed.
> > > > > > > > > > >
> > > > > > > > > > > Nick
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > From: RoLaNd RoLaNd [mailto:r_o_l_a_n_d@xxxxxxxxxxx]
> > > > > > > > > > > Sent: Thu 12/11/2008 1:05 PM
> > > > > > > > > > > To: squid-users@xxxxxxxxxxxxxxx
> > > > > > > > > > > Subject:  Cisco with WCCP!! newbie here..
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Hi All,
> > > > > > > > > > >
> > > > > > > > > > > am obviously a newbie here so am seeking an advice if i may..
> > > > > > > > > > >
> > > > > > > > > > > my current topology is as such:
> > > > > > > > > > >
> > > > > > > > > > > cisco 2811 router---Lan (contains users/squid)
> > > > > > > > > > >
> > > > > > > > > > > Squid is installed on ubuntu.
> > > > > > > > > > > and has one NIC with static ip 192.168.0.14/24
> > > > > > > > > > >
> > > > > > > > > > > i've managed to get direct proxy working with minimal 
> > > > > > > > > > > settings..
> > > > > > > > > > > but am finding it hard to set it as transparent..
> > > > > > > > > > > i looked around and found at squid-cache that i could use
> > > > > > > > > > > cisco's
> > > > > > > > > > > WCCP
> > > > > > > > > > > prot=
> > > > > > > > > > > ocol...
> > > > > > > > > > > i've checked the config examples but as i'm a newbie i got a
> > > > > > > > > > > little
> > > > > > > > > > > bit
> > > > > > > > > > > los=
> > > > > > > > > > > t!!!
> > > > > > > > > > >
> > > > > > > > > > > could anyone help out?!
> > > > > > > > > > >
> > > > > > > > > > > any advice would be appreciated:)
> > > > > > > > > > >
> > > > > > > > > > > thank you in advance..
> > > > > > > > > > >
> > > > > > > > > > > Roland
> > > > > > > > > > > _________________________________________________________________
> > > > > > > > > > > Connect to the next generation of MSN Messenger
> > > > > > > > > > > http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > _________________________________________________________________
> > > > > > > > > > Explore the seven wonders of the world
> > > > > > > > > > http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
> > > > > > > > >
> > > > > > > > > _________________________________________________________________
> > > > > > > > > News, entertainment and everything you care about at Live.com. Get
> > > > > > > > > it
> > > > > > > > > now!
> > > > > > > > > http://www.live.com/getstarted.aspx