Search squid archive

Re: squid in load balanced wccpv2 configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jiffy 1111 wrote:

Hi, all,

In a nutshell, I am trying to install squid as a third proxy to alleviate some pressure from our two Bluecoat proxies into a currently working wccpv2 configuration.
We now have 5000+ users.

My current squid configuration works perfectly fine in explicit mode.
The problem I am having, is that squid can't seem to join the wccp service groups.
I've tried the configuration examples from http://wiki.squid-cache.org/ConfigExamples/ to no avail.

We have two Cisco 6513's in our core and we are using wccp to load balance between the proxies.

I'm posting my sanitized configs hoping someone can shed some light on this and show me what my squid.conf, iptables and network interfaces should look like.
I would also appreciate any recommended settings for memory and disk use based on the hardware spec I am posting. This server will be dedicated to squid.

Server:
cat /etc/redhat-release
Fedora release 12 (Constantine)

rpm -qa squid
squid-3.1.1-1.fc12.i686

4 x Intel(R) Xeon(R) CPU 5160  @ 3.00GHz

free -m
     total
Mem: 7991 
600 Gig on /var

ip tunnel add wccp1 mode gre remote x.x.0.1 local x.x.1.77 dev eth0
ifconfig wccp1 inet x.x.1.76 netmask 255.255.255.192 up

ifconfig
eth0
inet addr:x.x.1.77  Bcast:x.x.1.127  Mask:255.255.255.192

wccp1
inet addr:x.x.1.76  P-t-P:x.x.1.76  Mask:255.255.255.192

iptables:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
iptables -F -t nat
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.1.77:55555
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 20 -j DNAT --to-destination x.x.1.77:20
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 21 -j DNAT --to-destination x.x.1.77:21
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination x.x.1.77:443
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 1755 -j DNAT --to-destination x.x.1.77:1755
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 7070 -j DNAT --to-destination x.x.1.77:7070
DNAT used on TCP links (only) with no sign of a matching source fix-up. (MASQUERADE or SNAT). 

Everything else looks good at a quick glance.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.3
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux