I think that the router's okay and your squid needs adjustment. My system only has one GRE device, not two.

iptables -t nat -nvL has

3499K  197M DNAT       tcp  --  wccp0  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:203.15.226.132:3128
   95  4592 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128

ifconfig:

wccp0     Link encap:UNSPEC  HWaddr CB-0F-E2-84-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:203.15.226.132  P-t-P:203.15.226.132  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:90371077 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18107130326 (16.8 GiB)  TX bytes:0 (0.0 b)

Anyway, before squid starts this code gets run:

CISCO_IP=<IP ADDRESS>
HOST_IP=<IP ADDRESS>
SQUID_PORT=3128

# load the kernel module needed
/sbin/modprobe ip_gre || exit 0

# destroy any existing tunnel with our name
if /sbin/ifconfig| grep wccp0 > /dev/null; then
    /sbin/iptunnel del wccp0 >> /dev/null
fi;

# make a new tunnel
/sbin/iptunnel add wccp0 mode gre remote $CISCO_IP local $HOST_IP dev eth0
/sbin/ifconfig wccp0 $HOST_IP netmask 255.255.255.255 up

# Remove all iptables rules (disabled ATM) -- Don't clobber a production FW!
#/sbin/iptables -F
#/sbin/iptables -t nat -F

# Add redirection rules from port 80 to $SQUID_PORT
/sbin/iptables -I PREROUTING -i eth0 -t nat -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
/sbin/iptables -I PREROUTING -i wccp0 -t nat -p tcp --dport 80 -j DNAT --to-destination $HOST_IP:$SQUID_PORT

# Add UDP packets for wccp stats communication with Cisco gear
/sbin/iptables -I INPUT -i any -p udp --dport 2048 -j ACCEPT

# Accept all port 80 packets
/sbin/iptables -I INPUT -i any -p tcp --dport 80 -j ACCEPT

and gets killed when it stops:

/sbin/iptunnel del wccp0 >> /dev/null

# Remove all iptables changes
/sbin/iptables -D PREROUTING -i eth0 -t nat -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
/sbin/iptables -D PREROUTING -i wccp0 -t nat -p tcp --dport 80 -j DNAT --to-destination $HOST_IP:$SQUID_PORT
/sbin/iptables -D INPUT -i any -p udp --dport 2048 -j ACCEPT
/sbin/iptables -D INPUT -i any -p tcp --dport 80 -j ACCEPT

I'm not an expert, so don't assume that this is all perfect, but I hope it helps.
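
An added example, not part of the original post: a check that reads `iptables -t nat -nvL` output like the listing in the message and confirms that the DNAT rule on the GRE interface exists and is actually matching packets. The function names are hypothetical; the two rule lines in the sample are the ones quoted in the post, and the header lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Sample input: the two rules quoted in the post, under constructed headers.
SAMPLE='Chain PREROUTING (policy ACCEPT)
 pkts bytes target     prot opt in     out     source      destination
3499K  197M DNAT       tcp  --  wccp0  *       0.0.0.0/0   0.0.0.0/0   tcp dpt:80 to:203.15.226.132:3128
   95  4592 REDIRECT   tcp  --  eth0   *       0.0.0.0/0   0.0.0.0/0   tcp dpt:80 redir ports 3128'

# rule_pkts TARGET IFACE
# Reads `iptables -t nat -nvL` output on stdin and prints the packet count of
# the first rule with that target and input interface; exits 1 if none match.
# Columns: pkts bytes target prot opt in out source destination ...
rule_pkts() {
    awk -v target="$1" -v ifname="$2" '
        $3 == target && $6 == ifname {
            n = $1; mult = 1
            # iptables abbreviates large counters with K/M/G (powers of 1000),
            # so the expanded value is rounded, not exact.
            if (n ~ /K$/) mult = 1000
            else if (n ~ /M$/) mult = 1000000
            else if (n ~ /G$/) mult = 1000000000
            sub(/[KMG]$/, "", n)
            printf "%.0f\n", n * mult
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# check_wccp_dnat [IFACE]   (IFACE defaults to wccp0)
# Returns 0 if the DNAT rule has matched packets, 1 if it exists but its
# counter is zero, 2 if there is no DNAT rule for that interface.
check_wccp_dnat() {
    ifname=${1:-wccp0}
    pkts=$(rule_pkts DNAT "$ifname") || {
        echo "no DNAT rule with input interface $ifname"; return 2; }
    [ "$pkts" -gt 0 ] || {
        echo "DNAT rule on $ifname has matched 0 packets"; return 1; }
    echo "ok: DNAT rule on $ifname has matched about $pkts packets"
}

# Offline demonstration on the sample. On a live box, run as root:
#   /sbin/iptables -t nat -nvL PREROUTING | check_wccp_dnat wccp0
printf '%s\n' "$SAMPLE" | check_wccp_dnat wccp0
```

A zero counter on the wccp0 rule alongside a growing RX count in `ifconfig wccp0` means packets reach the tunnel but are not TCP port 80 traffic matching the rule; a zero RX count means nothing is arriving over GRE at all.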