I am desperately trying to use Squid(3.3.3) with WCCP2 (Cisco2921). Although it's not working right now but I think I am really close. Router has 3 interfaces and the config is this: ! ip wccp web-cache password 7 01100F175804 ! interface GigabitEthernet0/0 ip address 187.72.34.82 255.255.255.248 ip nat outside ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/2 ip address 172.16.1.1 255.255.255.0 ip wccp web-cache redirect in ip nat inside ip virtual-reassembly in duplex auto speed auto ! ip nat inside source list NATTABLE_HOSTS interface GigabitEthernet0/0 od ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 ! ip access-list standard NATTABLE_HOSTS permit 192.168.0.0 0.0.255.255 permit 172.16.0.0 0.0.255.255 permit 10.0.0.0 0.255.255.255 Squid is compiled with following options: configure options: '--prefix=/usr' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--sysconfdir=/etc/squid3' '--enable-delay-pools' '--enable-ssl-crtd' '--enable-linux-netfilter' '--enable-eui' '--enable-snmp' '--enable-gnuregex' '--enable-icmp' '--with-logdir=/var/log/squid/' '--enable-referer-log' '--enable-cache-digests' '--enable-wccp' '--enable-wccpv2' '--enable-ssl' --enable-ltdl-convenience Squid.conf: http_port 192.168.1.2:3129 intercept http_port 192.168.1.2:3128 wccp2_router 192.168.1.1 wccp2_forwarding_method gre wccp2_return_method gre wccp2_service standard 0 password=cisco Cache.log is also without any errors. On ubuntu 12.04 I have set the following rules (based on http://wiki.squid-cache.org/Features/Wccp2): modprobe ip_gre ip tunnel add wccp0 mode gre remote 187.72.34.82 local 192.168.1.2 dev eth0 ifconfig wccp0 192.168.1.2 netmask 255.255.255.255 up echo 0>/proc/sys/net/ipv4/conf/wccp0/rp_filter echo 0>/proc/sys/net/ipv4/conf/eth0/rp_filter echo 1>/proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3129 iptables -t nat -A POSTROUTING -j MASQUERADE With all this setup, client browser keeps on loading and loading and finally says server taking too long to respond etc. On the squid machine, via wireshark, I can see that a lot of "destination unreachable" messages are sent from squid to router when I visit some website on browser. From: 192.168.1.2 to 192.168.1.1 [port unreachable] When I manually set proxy IP in browser it works(websites open fine).I could also see HereIAm and ISeeYou messages flowing fine. Please guide me on where am I missing. Let me know if more details are required.
