On Sun, 24 Feb 2008, Adrian Chadd wrote:

There's only a small number of things you have to do to set up WCCPv2.

* configure/compile squid with the relevant transparent interception option.
 For you it's --enable-linux-netfilter IIRC.
* enable ip forwarding in linux
* create gre
* point GRE endpoint at your router's WCCPv2 routerid - use a loopback
 interface on the Cisco for now, that'll make it much, much more predictable
 as the wccpv2 routerid is then always loopback id
* for ease of testing, make sure no iptables rules exist, then add:

iptables -t nat -A PREROUTING -i <gre interface> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128


I have a much simpler setup working on CentOS x86_64 2.6.23 and Cisco 7204VXR IOS version 12.2(46a). squid version 2.6 STABLE17:

* recompile kernel with CONFIG_NET_IPGRE=m
* compile squid with wccpv2 support
* setup gre0 interface with some unused private IP assigned to it
* intercept in iptables :-
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128

As Henrik suggested to me during this setup, the IPGRE module in the kernel automatically decapsulates the GRE packets on the gre0 interface, and it has been doing that so far.

gre0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-F8-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.172.2  Mask:255.255.255.252
          UP RUNNING NOARP  MTU:1476  Metric:1
          RX packets:1970129052 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:3666 dropped:0 overruns:0 carrier:0
          collisions:3666 txqueuelen:0
          RX bytes:305795313631 (284.7 GiB)  TX bytes:0 (0.0 b)

[EMAIL PROTECTED] ~]# cat /etc/sysconfig/network-scripts/ifcfg-gre0
DEVICE=gre0
BOOTPROTO=static
BROADCAST=192.168.172.3
IPADDR=192.168.172.2
NETMASK=255.255.255.252
NETWORK=192.168.172.0
ONBOOT=yes
TYPE=Ethernet


This setup has been working nicely for me.


Manoj



Adrian
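
A sanity check for the interception rule both setups above rely on, as an added example that is not part of the original messages: it reads `iptables-save` output and reports whether the port-80 REDIRECT in nat/PREROUTING is bound to the GRE interface, and checks the IP forwarding switch. The function names and the sample dumps are constructed for illustration; `gre0`, port 80 and port 3128 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Sample dumps below are constructed.

# audit_redirect IFACE DPORT   (reads iptables-save output on stdin)
#   "ok <to-port>"  REDIRECT rule in nat/PREROUTING bound to IFACE
#   "unscoped"      REDIRECT rule without -i: matches DPORT on every interface
#   "missing"       no REDIRECT rule for DPORT on IFACE in nat/PREROUTING
audit_redirect() {
    awk -v iface="$1" -v dport="$2" '
        /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" || $2 != "PREROUTING" { next }
        {
            in_if = ""; port = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")            in_if  = $(i + 1)
                if ($i == "--dport")       port   = $(i + 1)
                if ($i == "-j")            target = $(i + 1)
                if ($i ~ /^--to-ports?$/)  to     = $(i + 1)
            }
            if (target != "REDIRECT" || port != dport) next
            if (in_if == iface)   { found = 1; to_port = to }
            else if (in_if == "") { unscoped = 1 }
        }
        END {
            if (unscoped)   print "unscoped"
            else if (found) print "ok " to_port
            else            print "missing"
        }'
}

# forwarding_enabled [FILE]: true when IPv4 forwarding is switched on.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'
BROAD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

printf '%s\n' "$GOOD_DUMP"  | audit_redirect gre0 80    # ok 3128
printf '%s\n' "$BROAD_DUMP" | audit_redirect gre0 80    # unscoped
# On a live host: iptables-save | audit_redirect gre0 80
```

An "unscoped" result means the cache would also redirect port-80 traffic that arrives on interfaces other than the GRE tunnel, which is why both rules in the thread carry `-i`.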

