Hi Amos, OK, it was my fault that I posted before run in real network with WCCP. We are running Squid+tproxy under Policy Based routing without any major trouble (pls see below of problem are we facing). This week we will move squid from PBR to Wccp. The mentioned example based on vlan dot1q, let me dig with cisco and will raise if face any problem. 1. If we run squid with default conf file, we got cache host name in "www.whatismyip.com", to avoid that we added following in squid.conf file: forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access All deny all Now, there is no cache/squid host name in "whatismyip.com", but in hotmail/live.com's email service inbox no message open, it's shown a error that another ip accessing the same page. I guess we need to add another "request_header_access" rule, any clue on it. Is "http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html"; the final list of all HEADER LIST? 2. What is safe filedescriptors value I should use? TIA, Azhar On Sun, Apr 17, 2011 at 9:01 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 17/04/11 05:14, AZHAR CHOWDHURY wrote: >> >> Hi, >> I am following http://wiki.squid-cache.org/Features/Tproxy4 strictly >> but failed to configure with CISCO router& WCCP2. >> >> My setup as follow: >> >> Clients PCs>-----------------------------[Core >> switch]-------->>-----------[Edge CISCO Router with >> WCCP2]--------------->Internet >> || >> [Squid 3.1.10 with Fedora 14, iptables, tproxy] >> >> I can't configure Cisco router with following configuration as there >> is no other interface there (only two, one connected with core >> internal switch and rest with internet. >> Please help me. > > You have not stated anything about a problem. We cannot help unless we now > what is going wrong. > > Finding the problem can be time consuming or tricky unless you are fairly > familiar with TCP. The "Troubleshooting" section on the tproxy4 page has > many hints about what can go wrong and how to find/resolve them. > >> ============================= >> interface GigabitEthernet0/3.100 >> description ADSL customers >> encapsulation dot1Q 502 >> ip address x.x.x.x y.y.y.y >> ip wccp 80 redirect in >> ip wccp 90 redirect out >> >> interface GigabitEthernet0/3.101 >> description Dialup customers >> encapsulation dot1Q 502 >> ip address x.x.x.x y.y.y.y >> ip wccp 80 redirect in >> ip wccp 90 redirect out >> >> interface GigabitEthernet0/3.102 >> description proxy servers >> encapsulation dot1Q 506 >> ip address x.x.x.x y.y.y.y >> ip wccp redirect exclude in >> ===================== >> >> Another question, how do check gre is configured at Linux? > > "ip link show" > > ... lists the active interfaces. GRE should be one of them when open. > > > TPROXY and WCCP are relatively independent operations. Both equally > troublesome and complex. > > It is worth checking that TPROXY is fully operational and working before > adding WCCP tunneling on top to complicate things further. > You can test that by having the squid box as router for your workstation > instead of the Cisco. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.12 > Beta testers wanted for 3.2.0.6 >
