Hi,
I have one little problem with squid. I use squid now as configured
manually, but can't force it to work in transparent mode.
My whole config is:
1. network
{internet} -> router cisco 2821 (with 2 vlans) -> switch -> client is
on vlan 201, squid is on vlan 2
2. cisco config: FastEthernet0/0 is external interface with direct
connection to the Internet, with external IP address (77.77.77.12 is
fake), FastEthernet0/1.201 is vlan interface with all clients,
FastEthernet0/1.2 is vlan interface with squid machine in it
ip wccp web-cache
ip cef
interface FastEthernet0/0
ip address 77.77.77.12 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1.2
encapsulation dot1Q 201
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip mroute-cache
no snmp trap link-status
interface FastEthernet0/1.201
encapsulation dot1Q 201
ip address 192.168.201.1 255.255.255.0
ip wccp web-cache redirect out
ip wccp web-cache redirect in
ip nat inside
ip virtual-reassembly
no ip mroute-cache
no snmp trap link-status
3. network config on machine with squid
iface eth0 inet static
address 192.168.2.243
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
4. squid config
wccp2_router 77.77.77.12
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
access_log /var/log/squid3/access.log
http_port 3128 transparent
acl blocksites url_regex "/etc/squid3/blocked-sites.acl"
http_access deny blocksites
5. iptables config
$iptables -F
$iptables -X
$iptables -F -t nat
$iptables -F -t mangle
$iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --$
6. tunnel config
/sbin/ip tunnel add wccp0 mode gre remote 77.77.77.12 local
192.168.2.243 dev eth0;
/sbin/ifconfig wccp0 192.168.2.243 netmask 255.255.255.255 up
/sbin/sysctl -w net.ipv4.conf.wccp0.rp_filter=0 ;
/sbin/sysctl -w net.ipv4.conf.eth0.rp_filter=0 ;
Now, the problem. If I configure manually proxy on client all is
working fine. When I remove the proxy configuration from the browser,
then I cannot access any webpage.
I did some debug, and when I run tccpdump for wccp0 interface, and try
to access some webpage on client (squid in transparent mode) then I
see that some packets on the wccp0 interface, but no page is loading.
Also on cisco router, when I run: sh ip wccp web-cache i get:
Global WCCP information:
Router information:
Router Identifier: 192.168.201.1
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 2089
Process: 116
Fast: 0
CEF: 1973
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 139
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
and when I run: sh ip wccp web-cache detail i get:
WCCP Cache-Engine information:
Web Cache ID: 192.168.2.243
Protocol Version: 2.0
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 5
Connect Time: 05:42:44
Bypassed Packets
Process: 0
Fast: 0
CEF: 0
So, please help me set this up as transparent proxy.
Thanks in advance,
Slawek
