Hello! I'm trying to set up a transparent proxy, but I'm running into some difficulty. Here is my setup:

* Cisco 837 running Cisco IOS 12.3
* FreeBSD 5.1
* squid-2.5.4_6 with WCCP compiled in
* (also running apache-2.0.48_1, running on port 80)

I have so far taken the following steps:

In squid.conf:
--------------

    ## WCCP Redirection (Transparent Proxy)
    ## ------------------------------------
    httpd_accel_host virtual
    httpd_accel_port 3128
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    wccp_router 10.0.0.254
    wccp_version 3

On the Cisco 837:
-----------------

    ip wccp version 1
    ip wccp web-cache redirect-list 2
    !
    interface BVI1
     description --- Bridging Interface ---
     ip address 150.101.x.x 255.255.255.248
     ip wccp web-cache redirect in
     ip nat outside
    end
    !
    access-list 2 permit 10.0.0.0 0.0.0.255

On FreeBSD 5.1:
---------------

<compiled 'device gre' into kernel>

configured device with:

    # ifconfig gre0 create
    # ifconfig gre0 10.0.0.3 10.0.0.254 netmask 255.255.255.255 up
    # ifconfig gre0 tunnel 10.0.0.3 10.0.0.254
    # route delete 10.0.0.254

ifconfig:

    gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
            tunnel inet 10.0.0.3 --> 10.0.0.254
            inet6 fe80::240:5ff:fe03:3fb1%gre0 prefixlen 64 scopeid 0x5
            inet 10.0.0.3 --> 255.255.255.0 netmask 0xff000000

Once all this is done and Squid starts, I get the following messages on my 837:

    router#deb ip wccp event
    router#deb ip wccp packet
    *Mar 1 19:57:04.715: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C2
    *Mar 1 19:57:14.739: WCCP-EVNT: Built I_See_You msg body w/1 usable web caches, change # 0000000B
    *Mar 1 19:57:14.739: %WCCP-5-CACHEFOUND: Web Cache 10.0.0.3 acquired
    *Mar 1 19:57:14.739: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C2
    *Mar 1 19:57:14.739: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C3
    *Mar 1 19:57:25.759: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C3
    *Mar 1 19:57:25.759: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C4

So they're talking WCCP; however, users can still browse the web, and it seems to me as though the router isn't forwarding the traffic:

    router#sh ip wccp web-cache detail
    WCCP Cache-Engine information:
            Web Cache ID:          0.0.0.0
            Protocol Version:      0.3
            State:                 Usable
            Initial Hash Info:     00000000000000000000000000000000
                                   00000000000000000000000000000000
            Assigned Hash Info:    00000000000000000000000000000000
                                   00000000000000000000000000000000
            Hash Allotment:        0 (0.00%)
            Packets Redirected:    0
            Connect Time:          00:03:35

I am not sure if interface BVI1 is supposed to be redirect in or redirect out, but so far having either has shown the same results. Squid logs are not showing anything.

Is my understanding correct if I say that my 837 intercepts traffic on port 80 and then, using the GRE tunnel, redirects it to my FreeBSD box still on port 80, where squid handles it like a normal request?

If this is the case, am I supposed to set up some kind of firewall rule that captures traffic on port 80 and remaps it to port 3128? If I do this, how can I have apache and squid running together? This is sort of what I have worked out after reading the setup steps for all sorts of linux/freebsd configurations, but I'm not so sure it's what I need to do.

To test this I changed the listening port of squid to 80, and still saw no entries in my access.log, leading me to believe that the wccp-redirect just ain't workin'.

Can anyone shed any light?

Cheers,
--
Adam Smith : [EMAIL PROTECTED]
Internode : http://www.internode.on.net
Phone : (08) 8228 2999