Can't get WCCPv2 to work with Ubuntu 12.04 and Cisco 831 SOHO


Hello,
  I have been trying to get WCCPv2 and Ubuntu to talk now for about 2 days
and it's driving me nuts! The GRE tunnel is established with my Cisco router
and I'm receiving TCP port 80 requests over it, but when tailing the message
log I never see anything in there. I confirmed I was getting the packets
using tcpdump on the wccp0 interface. I believe it is a NAT redirect issue,
but can't seem to figure out where. Please look at the following and let me
know if I am doing something wrong. Also, it works when I hard code my
browser to the Squid Proxy because I set up a test dstdomain and it blocked
it.

Thanks in advance!


Ubuntu 12.04:

modprobe ip_gre
ip tunnel add wccp0 mode gre remote 172.29.0.1 local 172.29.0.55 dev eth0
ifconfig wccp0 172.29.0.55 netmask 255.255.255.255 up
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.29.0.55:3128
echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE

Squid 3.1:
root@dude-AOA150:~# more /etc/squid3/squid.conf
http_port 3128 transparent

wccp2_router 172.29.0.1
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0


refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/

acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl localnet src 10.0.0.0/8     # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl bad-sites dstdomain .nascar.com

http_access allow manager localhost
http_access deny bad-sites
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all


Cisco 831:
mustang-gt#sh run int e0
Building configuration...

Current configuration : 288 bytes
!
interface Ethernet0
 description connection to lan
 ip address 172.29.0.1 255.255.255.0
 ip access-group internal-ingress in
 ip wccp web-cache redirect in
 no ip redirects
 no ip unreachables
 ip nat inside
 ip inspect inbound in
 ip virtual-reassembly
 load-interval 30
end

mustang-gt#sh run | i wccp
ip wccp web-cache redirect-list 120

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Cant-get-WCCPv2-to-work-with-Ubuntu-12-04-and-Cisco-831-SOHO-tp4655712.html
Sent from the Squid - Users mailing list archive at Nabble.com.

