Re: [squid-users] Re: WCCP configuration

Sat, 10 Jan 2009 06:27:25 -0800 

Amos,

Thanks for your reply.
Sorry, we are not using TPROXY but cttporxy 2.6.20-2.0.6, iptables 1.3.8 and linux kernal 2.6.20.21. 
Cisco IOS 2800 Ver 12.4 (13b)
WCCP+Tranparent proxy works good. Trproxy without wccp works well by not revealing the server ip and only displaying the client ip. But once the wccp is enabled with tproxy, the sever ip is revealed instead of the client ip. 

Please scroll down below to check our previous mails.

Any suggestions please.


VK



-----Original Message-----
From: Amos Jeffries <squ...@treenet.co.nz>
To: Ritter, Nicholas <nicholas.rit...@americantv.com>
Cc: vivek...@aol.in; squid-users@squid-cache.org
Sent: Sat, 10 Jan 2009 8:06 am
0ASubject: Re: [squid-users] Re: WCCP configuration



Ritter, Nicholas wrote: 
With TProxy, I think you need to use Squid3-HEAD to reliably fix your 
issue....Amos would know for sure. 



Nick 



  


Yes. Squid-2.* has no support for TPROXY v4.1+ 
 

3.1.0.3 or later is needed. Which is at least an RC beta now, more
stable that pure 3.HEAD alpha code. 
 

Also the squid.conf and configure details have changed. 

http://wiki.squid-cache.org/Features/Tproxy4 
 

Amos 
 



________________________________ 




From: vivek...@aol.in [mailto:vivek...@aol.in] 



Sent: Fri 1/9/2009 8:39 A

To: hen...@henriknordstrom.net 



Cc: squid-users@squid-cache.org; squ...@treenet.co.nz 



Subject: [squid-users] Re: WCCP configuration 






Hi, 




Thanks for the reply. It did help us solve the problem. 




But there is a new issue. 




We have configured as squid+tproxy. The squid ip is not displayed and 



only the client ip is displayed when we do the proxy test. But after 



configuring wccp we find that the server ip is displayed in the proxy 



test instead of the client ip. 




We also find that the http request is pathetically slow. 




squid.conf 

=0
A


wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 



ports=80 



wccp2_service dynamic 90 



wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source 



priority=240 ports=80 




http_port 3128 transparent tproxy 




iptable: 
/usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m 
tcp 


--dport 80 -j TPROXY --on-port 3128 





We created a gre tunnel based on the router identifier. 




wccp2_router xx.xx.xxx.xx (ip of router interface connected to squid 



machine) 
The following command is assigned at the router interface connected 
=0
Ato 


the lan. 



ip wccp 80 redirect in 



ip wccp 90 redirect out 




Following command at the router interface connected to squid. 



ip wccp redirect exclude in 
Router : Cisco IOS Software, 2800 Software 
(C2800NM-ADVIPSERVICESK9-M), 


Version 12.4(13b) 



Kernel : linux-2.6.20.21 



IPtable : iptables-1.3.8 



Os Ver : squid-2.7 Stable 5 




#lsmod 




ip_gre                 19616  0 



iptable_filter         11136  0 



ipt_TPROXY             11136  1 
ipt_REDIRECT 10624 
xt_tcpudp              11904  1 



reiserfs              235144  5 



iptable_tproxy         23036  2 ipt_TPROXY 



iptable_nat            15492  1 iptable_tproxy 
ip_nat 24620 3 
ipt_REDIRECT,iptable_tproxy,iptable_nat 


ip_tables              25448  3 



iptable_filter,iptable_tproxy,iptable_nat 



x_tables               23560  5 



ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables 



ip_conntrack           53400  3 iptable_tproxy,iptable_nat,ip_nat 





The internet works, b
ut the browsing is dead slow. Temporarily we have  


bypassed squid to browse the net. 





Thanks 



VK 





-----Original Message----- 



From: Henrik Nordstrom <hen...@henriknordstrom.net> 



To: vivek...@aol.in 



Cc: squ...@treenet.co.nz; squid-us...@squid-cache.org 



Sent: Thu, 8 Jan 2009 12:05 am 



Subject: Re: WCCP configuration 





ons 2009-01-07 klockan 08:46 -0500 skrev vivek...@aol.in: 





wccp2_router xxx.xx.xxx.xxx 



wccp_version 4 



wccp2_forwarding_method 1 



wccp2_return_method 1 



wccp2_assignment_method 1 



wccp2_service dynamic 8

wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 



ports=80 



wccp2_service dynamic 90 



wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source 



priority=240 ports=80 



 



 



Router Eth0 - connected to lan. Eth1 - connecte to squid. 




Have you also configured 
* A loopback address on the router, giving it a easily identified 
router 


ID 




* the required GRE/WCCP tunnel interface on the Squid server 




* disabled rp_filter on the above GRE/WCCP interface. 




* And adjusted the REDIRECT/NAT rules to act on traffic=2
0received on the  


GRE/WCCP interface configured above? 






    Service Identifier: web-cache 



        Number of Service Group Clients:     1 



        Number of Service Group Routers:     1 



        Total Packets s/w Redirected:        11336 



          Process:                           0 



          Fast:                              0 



          CEF:                               11336 




Looks fine. 

=0
A



Is there any simple way of configuring WCCP. We have beating round 



the 



bush all day long to configure wccp. 
WCCP as such is configured. But something is missing in the 
interception 


at the proxy. Most likely the GRE interface mentioned above. 




Regards 



Henrik 












________________________________________________________________________ 
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in 
<http://webmail.aol.in/>




 



--
Please be using 

  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11 
  Current Beta Squid 3.1.0.3  






________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in

Reply via email to