Hey Jordan, I am running a similar config with wccp and CentOS 6.3 with
Cisco routers.
Your config looks close to what I have but I use the built-in gre0
tunnel so don't have the interface explicitly setup just have it in rc.local
like this:
ifconfig gre0 inet 1.2.3.4 netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
(same iptables statement as you have)
iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT
--to-destination 10.80.166.227:3127
From the router - I did not set the config up but have to documentation
and have these additional statements defined to force http traffic to the squid
- 166.227)
access-list wccp-servers extended permit ip host 10.80.166.227 any
access-list wccp-traffic extended permit tcp object-group
DM_INLINE_NETWORK_7 any eq www
wccp web-cache redirect-list wccp-traffic group-list wccp-servers
hope this helps....
-----Original Message-----
From: Jordan Dalley [mailto:jdal...@tsv.catholic.edu.au]
Sent: Monday, September 23, 2013 6:17 AM
To:
Subject: [squid-users] WCCP issues with Centos 6.3 and Cisco 2901
Hi Squid community,
I have an issue whereby I am just struggling to find out why it wont work.
I have trawled through multiple forums, howto's, faq's etc but no matter what I
do, I cannot get it to work properly.
Here is what I have done so far:
Router IP: 10.114.3.34
Squid IP: 10.112.4.4
WAN Subnet: 10.112.0.0 / 255.252.0.0
Squid Config:
http_port 3127 intercept
wccp2_router 10.114.3.34
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
Confirm I can access and use port 3127 directly without issue from any location
in the WAN.
Router Config:
ip wccp web-cache
interface G0/1
!Inside interface
ip wccp web-cache redirect in
Added to sysctl.conf:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.ip_filter = 0
net.ipv4.conf.gre0.rp_filter = 0
net.ipv4.conf.gre0.ip_filter = 0
Added to /etc/sysconfig/network-scripts/ifcfg-gre0
DEVICE=gre0
BOOTPROTO=static
IPADDR=127.0.0.2
NETMASK=255.255.255.0
ONBOOT=YES
IPV6INIT=NO
Linux Configuration:
modprobe ip_gre
ifup gre0
iptables -t nat -F
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT
--to-destination 10.112.4.4:3127
If, I then do a tcpdump -i gre0 I can see packets flowing through this
interface with destination port 80. Unfortunately it seems as if they are
somehow not being natted to the squid server.
I've tried different varying methods of doing this, but none of them seem to
work.
Does anyone have any ideas?
Regards,
Jordan.
______________________________________________________
NIPRO GLASS
______________________________________________________
CAUTION - This message may contain privileged and confidential information
intended only for the use of the addressee named above. If you are not the
intended recipient of this message you are hereby
notified that any use, dissemination, distribution or reproduction of this
message is prohibited. If you have received this message in error please notify
NIPRO GLASS
immediately. Any views expressed in
this message are those of the individual sender and may not necessarily reflect
the views of NIPRO GLASS.
