Haralds.Ulmanis@xxxxxxxxxxxxx wrote:
Has anyone got working configuration with wccpv2+squid3.1+tproxy4 ?
I have tried several ways, none of them work, not spoofing or timeouts.
If someone got it, please give full setup (gre+iptables+squid+cisco ios).
Yes it has been done.
TPROXY has the usual TPROXY problems. Configuration as normal, ignoring
the WCCP:
http://wiki.squid-cache.org/Features/Tproxy4
WCCP has the normal WCCP problems. The WCCP2 configuration is as normal:
http://wiki.squid-cache.org/ConfigExamples/Intercept (pick one for the
router + one for the Squid box.)
The old TPROXY2 + WCCP config had some IOS tweak settings that still
work apparently:
http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY
The only new problem added by combining is the timeouts, if the IOS is
not routing spoofed packets right. The WCCP rules need to be adjusted to
not detect anything based on IP alone. The tweaks above should solve that.
* confirm that the packets are reaching the Squid box (tcp dump).
* confirm that the packets reaching Squid box are entering Squid
(access.log).
For the lack of spoofing:
* check that libcap or preferably libcap2 is built into Squid
* check that --enable-linux-netfilter is built in
* check that --*-tproxy build option is NOT used.
* check that http_port and iptables are configured right according to
the Squid wiki...
* check the wiki Features/Tproxy4 section on troubleshooting
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
Current Beta Squid 3.1.0.13
