Amos Jeffries <squid3@xxxxxxxxxxxxx> writes: >First, check your configuration for Squid and its firewall match this >page: >http://wiki.squid-cache.org/Features/Wccp2#Squid_configuration_for_WCCP_version_2 > >An alternative to WCCP is to do real routing, we have an example for a >2501 here: >http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute > > >For the troubleshooting; > * There is no indication in the cache.log that the cisco or Squid are in >contact with each other. Check the cisco wccp information to see if its >got >any knowledge of Squid. > * check if requests are getting into Squid. access.log should have >records of every request attempt made, even failed ones. > * the 'usual' problem when this behaviour is seen is that packets going >from squid get looped back somewhere strange. They are supposed to get a >free pass out to the Internet. Whether or not they go back to the cisco to >do so is optional. > > >Squid by default will hold off sending its HERE_I_AM message to the cisco >until the cache has been fully loaded and Squid is actually ready for >service. If you have a large cache (GB) wccp2_rebuild_wait can make it not >wait, but you will see degraded service until the cache is available. > Thanks. After spending a lot of time with wccp and trying the tutorial on squids wiki, I think I have given up. It "seems" to work before I play around with my iptables. I say seems because I can actually see gre traffic on the squid server and I see wccp packets being sent to the squid server on the cisco router, but I am not sure if this is actually working though. Is there a way I can actually check squid logs to see if it's getting anything? For some reason I don't have an access.log. I have an access.log.1, but not an access.log. When I put this in: iptables -t nat -A PREROUTING -i gre1 -p tcp --dport 80 -j REDIRECT --to-port 3129 It seems to break it and I'm left with the same problem I had before. I then tried the routing method you have posted. I configured my cisco router word for word and it doesn't seem to be working. I have a Dansguardian filter and I can see that traffic is obviously not going through the filter. Shouldn't this method work just like the sonicwall method that is working for me? Essentially it's just routing traffic to my proxy server. I don't understand how this is so hard for me. Thanks for your time! -Chris ___________________________ Chris Abel Systems and Network Administrator Wildwood Programs 2995 Curry Road Extension Schenectady, NY 12303 518-836-2341
