Search squid archive

Re: wccpv2+squid3.1+tproxy4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Haralds.Ulmanis@xxxxxxxxxxxxx wrote:
Has anyone got working configuration with wccpv2+squid3.1+tproxy4 ?
I have tried several ways, none of them work, not spoofing or timeouts.
If someone got it, please give full setup (gre+iptables+squid+cisco ios).


Yes it has been done.

TPROXY has the usual TPROXY problems. Configuration as normal, ignoring the WCCP:
http://wiki.squid-cache.org/Features/Tproxy4


WCCP has the normal WCCP problems. The WCCP2 configuration is as normal: http://wiki.squid-cache.org/ConfigExamples/Intercept (pick one for the router + one for the Squid box.)

The old TPROXY2 + WCCP config had some IOS tweak settings that still work apparently: http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY

The only new problem added by combining is the timeouts, if the IOS is not routing spoofed packets right. The WCCP rules need to be adjusted to not detect anything based on IP alone. The tweaks above should solve that.


 * confirm that the packets are reaching the Squid box (tcp dump).

* confirm that the packets reaching Squid box are entering Squid (access.log).


For the lack of spoofing:

 * check that libcap or preferably libcap2 is built into Squid

 * check that --enable-linux-netfilter is built in

 * check that --*-tproxy build option is NOT used.

* check that http_port and iptables are configured right according to the Squid wiki...

 * check the wiki Features/Tproxy4 section on troubleshooting

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux