--- On Sun, 5/9/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> Subject: Re: squid in load balanced wccpv2 configuration
> To: squid-users@xxxxxxxxxxxxxxx
> Date: Sunday, May 9, 2010, 6:55 AM
>
> Jiffy 1111 wrote:
> > Hi, all,
> >
> > In a nutshell, I am trying to install squid as a third proxy to alleviate some pressure from our two Bluecoat proxies into a currently working wccpv2 configuration.
> > We now have 5000+ users.
> >
> > My current squid configuration works perfectly fine in explicit mode.
> > The problem I am having, is that squid can't seem to join the wccp service groups.
> > I've tried the configuration examples from http://wiki.squid-cache.org/ConfigExamples/ to no avail.
> >
> > We have two Cisco 6513's in our core and we are using wccp to load balance between the proxies.
> >
> > I'm posting my sanitized configs hoping someone can shed some light on this and show me what my squid.conf, iptables and network interfaces should look like.
> > I would also appreciate any recommended settings for memory and disk use based on the hardware spec I am posting. This server will be dedicated to squid.
> >
> > Server:
> > cat /etc/redhat-release
> > Fedora release 12 (Constantine)
> >
> > rpm -qa squid
> > squid-3.1.1-1.fc12.i686
> >
> > 4 x Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
> >
> > free -m
> > total
> > Mem: 7991
> > 600 Gig on /var
> >
> > ip tunnel add wccp1 mode gre remote x.x.0.1 local x.x.1.77 dev eth0
> > ifconfig wccp1 inet x.x.1.76 netmask 255.255.255.192 up
> >
> > ifconfig
> > eth0
> > inet addr:x.x.1.77 Bcast:x.x.1.127 Mask:255.255.255.192
> >
> > wccp1
> > inet addr:x.x.1.76 P-t-P:x.x.1.76 Mask:255.255.255.192
> >
> > iptables:
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
> > iptables -F -t nat
> > iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.1.77:55555
> > iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 20 -j DNAT --to-destination x.x.1.77:20
> > iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 21 -j DNAT --to-destination x.x.1.77:21
> > iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination x.x.1.77:443
> > iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 1755 -j DNAT --to-destination x.x.1.77:1755
> > iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 7070 -j DNAT --to-destination x.x.1.77:7070
> >
>
> DNAT used on TCP links (only) with no sign of a matching source fix-up. (MASQUERADE or SNAT).
>
> Everything else looks good at a quick glance.
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE9 or 3.1.3
>

Hi, Amos,

Thank you for the hint, but, I guess you are speaking about iptables. I am not overly familiar with that.
Would you be so kind as to provide an example or an explanation for this set up?

I am in training this week and will be back in the office on Monday ready and willing to try this and if it works, provide a working config for others to reference.

Thanks again,
Jeff
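
The condition Amos points out in his reply (DNAT rules in PREROUTING with no SNAT or MASQUERADE rule in POSTROUTING), written as a check over `iptables -t nat -S` output. This is an added example, not part of the original thread; the function name `check_dnat_fixup` and the 192.0.2.77 address standing in for the sanitized x.x.1.77 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report every nat-table DNAT rule and
# whether any source fix-up (SNAT or MASQUERADE) exists in POSTROUTING.
# Input on stdin: rules as printed by "iptables -t nat -S".
# Exit status: 1 if DNAT rules exist but no fix-up rule does, else 0.

check_dnat_fixup() {
    awk '
        # Return the word that follows option "opt" in the current rule.
        function optval(opt,    i) {
            for (i = 1; i < NF; i++)
                if ($i == opt) return $(i + 1)
            return ""
        }
        $1 != "-A" { next }    # skip policy lines, table headers, COMMIT
        {
            chain = $2
            target = optval("-j")
            if (chain == "PREROUTING" && target == "DNAT")
                dnat[++n] = optval("--dport") " -> " optval("--to-destination")
            else if (chain == "POSTROUTING" && (target == "SNAT" || target == "MASQUERADE"))
                fixup = 1
        }
        END {
            status = fixup ? "OK" : "NOFIXUP"
            for (i = 1; i <= n; i++)
                print status, dnat[i]
            exit (n > 0 && !fixup)
        }
    '
}

# Constructed sample: two of the rules posted above, in "-S" form, with a
# documentation address in place of the sanitized one. No POSTROUTING rule
# is present, so both lines are reported as NOFIXUP.
check_dnat_fixup <<'EOF' || echo "DNAT present without SNAT/MASQUERADE in POSTROUTING"
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.77:55555
-A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.0.2.77:443
EOF
```

On a live host the input would come from `iptables -t nat -S | check_dnat_fixup`, which needs root.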