Hi Raphael, I have a couple of Squid servers running on FreeBSD 4.7-RELEASE with GRE support.
-----Original Message----- From: Raphael Maseko [mailto:[EMAIL PROTECTED] Sent: Monday, June 16, 2003 5:31 PM To: [EMAIL PROTECTED] Hi, I got it working on FreeBSD 4.6.2 with the help of the instructions on: http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/47813 and http://www.geocrawler.com/archives/3/165/2002/10/0/10004885/ Try this: 1. download the gre.c and the wccp patch and apply them according to the FAQ on http://www.squid-cache.org/Doc/FAQ/FAQ-17.html 2. Rebuild the Kernel with "options GRE" 3. Configure SQUID with --enable-ipf-transparent option 4. Edit the /etc/rc.conf to enable ipnat: ipnat_enable="YES" ipnat_program="/sbin/ipnat" ipnat_rules="/etc/ipnat.rules" ipnat_flags="" 5. creat /etc/ipnat.rules with: rdr fxp0 0.0.0.0/0 port 80 -> 208.224.179.254 port 3128 tcp (3128 can be changed to your appropriate port) 6. Enable wccp on your router 7. run ipnat -l to see redirections Good luck Ralph NB: I did not add the "pseudo-device gre". I must say that I have trouble trying to get WCCP working on 5.0 ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 16, 2003 11:12 AM Subject: [squid-users] IPFilter + FreeBSD + WCCP > Hi all, > > I'm running Squid 2.5-STABLE2 on a FreeBSD 4.8-STABLE machine compiled with > -enable-ipf-transparent (-STABLE doesn't have the IPFilter headers installed > in /usr/include/netinet, copied in manually). > > The kernel is compiled with `pseudo-device gre', followed instructions on > squid-cache.org on how to setup a GRE tunnel from the server to the router. > The router can see the server but I couldn't see any redirection happening > on the server (via `ipnat -l'). > > Here's my /etc/ipnat.rules: > > rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp > > Here's the output ouf `ipnat -l': > > List of active MAP/Redirect filters: > rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp > > List of active sessions: > > (I also tried using `sis0' instead of `gre0' as the source interface but I > still got the same result) > > Here's the output of `ifconfig -a': > > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > inet 202.91.166.3 netmask 0xffffffe0 broadcast 202.91.166.31 > ether 00:e0:18:ec:cb:37 > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 > inet 127.0.0.1 netmask 0xff000000 > gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476 > tunnel inet 202.91.166.3 --> 202.91.166.1 > inet 202.91.166.3 --> 202.91.166.1 netmask 0xffffffff > > Squid is running with the following credentials: user: nobody, group: > nogroup. > > crw-rw---- 1 root nogroup 79, 0 Jun 16 17:02 /dev/ipl > crw-rw---- 1 root nogroup 79, 1 Jun 16 17:02 /dev/ipnat > > The kernel was compiled using the following options: > > options IPFILTER > options IPFILTER_LOG > > Here's my /etc/rc.local: > > #!/bin/sh > # > # $Id: rc.local,v 1.7 2003/06/16 07:51:49 root Exp $ > > SQUID_IP="202.91.166.3" > ROUTER_IP="202.91.166.1" > FW="/sbin/ipfw" > > ## Create GRE interface and tunnel WCCP packets through it > ifconfig gre0 create > ifconfig gre0 $SQUID_IP $ROUTER_IP netmask 255.255.255.255 up > ifconfig gre0 tunnel $SQUID_IP $ROUTER_IP > route delete $ROUTER_IP > > --- > francis a. vidal [bitstop network services] | http://www.bnshosting.net > streaming media + web hosting | http://www.bitstop.ph > v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph