--- Scott Phalen <[EMAIL PROTECTED]> wrote:

> <I would be very interested in your setup, especially
> <the following:
> <
> <o How you got the GRE tunnel going
> <o How the firewall config was affected by the GRE setup
> <o What errors, if any, you got from the kernel after
> <  compiling wccp into it
>
> -------------------------------------------------------------------------
> My environment:
> RedHat AS2.1, Dell 650 Server with 2GB RAM, 145GB Hard Drive
> McAfee WebShield E500 (virus scanning HTTP traffic)
> WatchGuard Firewall

sorry for the late response (been hacking BGP all week).. my environ is SuSE Linux 9.1 Pro with kernel 2.6.5, with sufficient memory and hard drive space..

> All HTTP traffic hits the main router interface, it is then redirected via
> wccp to my squid cache, the webshield is configured as the cache_peer parent
> then all requests go to internet.

this is quite straightforward.. am already doing this with the much_hated route-map technique...

> In order to make things work, you need to follow the FAQ:
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.11

already did.. used it 2 yrs back and even still today (i feel there are some things to update on that particular FAQ, will probably get round to it one of these weekends.. i think...)

> gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes
>   -Wno-trigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing
>   -fno-common -pipe -mpreferred-stack-boundary=2 -march=i686 -DMODULE
>   -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h
>   -c -o ip_wccp.o ip_wccp.c

well, i am using the 2.6 kernel, so things are a little difficult.. been trying to Google for the past month, but there's not much support for 2.6 wccp compilation, let alone integration..

> Compile ip_wccp.c
> Copy the newly created ip_wccp.o to:
>     /lib/modules/[kernel-version]/kernel/net/ipv4
> Run depmod -a
> Run modprobe ip_wccp
> Modify the /etc/rc.d/rc.local file to include the following lines
>     insmod ip_wccp
>     iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> Modify the /etc/sysctl.conf file:
>     net.ipv4.ip_forward = 1
>     net.ipv4.conf.default.rp_filter = 1
> Ensure the following lines are in the squid.conf file
>     httpd_accel_host virtual
>     httpd_accel_port 80
>     httpd_accel_with_proxy on
>     httpd_accel_uses_host_header on
>     wccp_router X.X.X.X
>     wccp_version 4
> [squid-home-dir]/bin/./RunCache &

already did this (well, most of it is different as i am running SuSE and not RH)... squid is running transparently already.. wccp module loads with a few errors Google says i shd ignore (since it's not GPL'ed blah blah)..

> What you are doing is:
> • Installing a kernel module that understands WCCP natively
> • Modifying settings so the machine can 'route' between the WCCP virtual
>   network and the internet
> • Modifying squid to use WCCP, and forward packets received on port 80 as if
>   they were received on port 3128

wish all this worked on my 2.6.5 kernel.. :(..

> WCCP uses the GRE protocol to encapsulate requests.

an alternative for which i was hoping to stumble upon..

> The kernel module greatly simplifies handling these. It is possible
> to do it with the "ip_gre" module, but far more complex (if more
> secure).

am sorry i don't understand that bit.. u sound like there's another way of handling it... please describe.. isn't GRE tunnelling the popular method of doing this with wccp..?..

Mark.
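
An added example, not part of the original message and not code from ip_wccp.c: a user-space C sketch of the decapsulation step the thread refers to when it says WCCP uses GRE to encapsulate requests, locating the redirected inner IP packet. It assumes the plain 4-byte GRE header with protocol type 0x883E; the source-address check mirrors how an ip_gre tunnel configured with a fixed remote only matches packets from that peer. The function name, addresses and sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define GRE_IP_PROTO   47      /* IP protocol number for GRE */
#define GRE_PROTO_WCCP 0x883E  /* GRE protocol type carried by WCCP redirects */

/* Constructed sample: outer IPv4 (router 192.0.2.1 -> cache 192.0.2.10),
 * 4-byte GRE header, inner IPv4 header (client 198.51.100.7 -> 203.0.113.80).
 * Checksums are left zero; this sketch does not verify them. */
static const uint8_t sample_pkt[44] = {
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x00,0x00, 0x40,0x2f,0x00,0x00,
    192,0,2,1, 192,0,2,10,
    0x00,0x00,0x88,0x3e,
    0x45,0x00,0x00,0x14, 0x00,0x02,0x00,0x00, 0x40,0x06,0x00,0x00,
    198,51,100,7, 203,0,113,80
};

/* Return the offset of the inner IPv4 packet, or -1 if the frame is rejected.
 * router is the only outer source address accepted (hypothetical parameter). */
long wccp_gre_inner_offset(const uint8_t *pkt, size_t len, const uint8_t router[4])
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;             /* outer must be IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4) return -1;                  /* room for GRE header */
    if (pkt[9] != GRE_IP_PROTO) return -1;                     /* outer payload is GRE */
    if (memcmp(pkt + 12, router, 4) != 0) return -1;           /* only the known router */
    const uint8_t *gre = pkt + ihl;
    if (gre[0] != 0 || gre[1] != 0) return -1;                 /* no flags, version 0 */
    if (((gre[2] << 8) | gre[3]) != GRE_PROTO_WCCP) return -1; /* WCCP payload only */
    size_t inner = ihl + 4;
    if (len < inner + 20 || (pkt[inner] >> 4) != 4) return -1; /* inner must be IPv4 */
    return (long)inner;
}

int main(void)
{
    const uint8_t router[4] = {192, 0, 2, 1};   /* assumed wccp_router address */
    const uint8_t other[4]  = {192, 0, 2, 99};  /* a different expected peer */
    printf("expected router matches: inner at %ld\n",
           wccp_gre_inner_offset(sample_pkt, sizeof sample_pkt, router));
    printf("expected router differs: %ld\n",
           wccp_gre_inner_offset(sample_pkt, sizeof sample_pkt, other));
    return 0;
}
```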