Hi,
I am working on setting up Squid 3.1 with Tproxy using WCCP on Cisco 3550.
Configs that I am using is below
Router and Proxy both are on Public IPs, traffic coming in from clients are
also Public IP
But for some reason the Router Identifier IP is showing as Local IP which is
being used to access router from local network.
=====================================================================
[root@proxy squid]# cat squid.conf
##start of config
http_port 3127 tproxy
icp_port 3130
icp_query_timeout 5000
pid_filename /var/run/squid-3127.pid
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.local
unique_hostname proxy.local
cache_mgr noc@proxy.local
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds
acl localnet src X.X.X.X/X # Public IP range for clients
acl squidlocal src 127.0.0.1
uri_whitespace strip
request_header_max_size 120 KB
dns_nameservers 127.0.0.1
cache_mem 8 GB
maximum_object_size_in_memory 1 MB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
max_filedesc 65500
cache_dir aufs /cache1 850000 64 256 max-size=20971520
cache_dir aufs /cache2 850000 64 256 max-size=20971520
cache_dir aufs /cache3 850000 64 256 max-size=20971520
cache_dir aufs /cache4 850000 64 256 max-size=20971520
minimum_object_size 512 bytes
maximum_object_size 100 MB
offline_mode off
cache_swap_low 98
cache_swap_high 99
# No redirector configured
*wccp2_router 192.168.50.4
wccp2_rebuild_wait off
wccp2_forwarding_method 2
wccp2_return_method 1
wccp2_assignment_method 1
*
# Setup some default acls
acl all src all
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 3127
1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
# Allow local network(s) on interface(s)
http_access allow localnet
http_access allow squidlocal
# Default block all to be sure
http_access deny all
qos_flows local-hit=0x30
qos_flows sibling-hit=0x31
qos_flows parent-hit=0x32
##end of config
=====================================================================
*Router config related to WCCP*
Switch-3550#sh ru
....
ip wccp web-cache
interface FastEthernet0/15
description PPTP-Server
no switchport
ip address X.X.X.X 255.255.255.252
ip wccp web-cache redirect in
interface GigabitEthernet0/2
description ***Squid-Proxy***
no switchport
ip address X.X.X.X 255.255.255.248
....
Switch-3550#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.50.4
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Switch-3550#
=================================================================
As I am new to WCCP with Squid, I do not know a great detail of configuring
WCCP and Squid.
With above config, I do not see any traffic being redirected to squid.
Any help is greatly appreciated.
-----
Regards,
Mudasir Mirza
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-1-with-Tproxy-and-WCCP-on-Cisco-3550-tp4662987.html
Sent from the Squid - Users mailing list archive at Nabble.com.
