Hi,
At 04:17 p.m. 24/03/2005, Muthukumar wrote:
Dear Dev Team,
I have a problem configuring WCCP v1 + Squid 2.5S9 + kernel 2.6.5. The following are our configurations and settings. The Squid machine and the router are communicating with the WCCP packets, as I get the UDP 2048 packets to and fro between the router and the Squid. Please let me know if we missed out anything.
-------------- 203.157.193.81 -- Router with wccp v1 IOS 12.2 --------------
What version particularly? Is it a 12.2 GD release? Not every release of IOS works well with WCCP, so I advise you to run a GD release and not a T or LD release. I have found that certain releases work, then the next release will break with certain other combinations of new features, etc.
                      |
                      |
                      |
                      |
 -------------------------------------------
 |                    |                    |
 |                    |                    |
 |                    |                    |
203.157.193.82   203.157.193.89   203.157.193.85
   (squid)          (client)        (My system)
Router ip: 203.157.193.81
cache system: 203.157.193.82
Squid version: 2.5stable9
Linux Kernel Version 2.6.5
This is very old. If you are running 2.6.10 or better (I suggest 2.6.11) then the WCCP/GRE support is built into ip_gre. In addition, you'll pick up many security and performance fixes.
First used the kernel with ip_gre enabled and compiled.
Second time used the ip_wccp patch from squid-cache.org site and compiled the kernel with ip_gre and ip_wccp enabled.
used
modprobe ip_gre
modprobe ip_wccp
You only should load one of these, not both. I suggest just ip_gre under linux, simply because if you are using a recent version of the kernel, you will not need to patch or compile any external (non in-kernel) modules such as ip_wccp.
/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
kernel.sysrq = 0
Executed "sysctl -p"
Squid.conf
---------
wccp_version 4
wccp_router 203.157.193.81
http_port 3128
-------------------
In squid machine (203.157.193.82)
iptunnel add gre1 mode gre remote 203.157.193.81 local 203.157.193.82 dev eth0
ifconfig gre1 127.0.0.2 up
iptables -t nat -A PREROUTING -d ! 203.157.193.82 -i gre1 -p tcp --dport 80 -j DNAT --to 203.157.193.82:3128
try:
iptables -t nat -A PREROUTING -d ! 203.157.193.82 -p tcp --dport 80 -j DNAT --to 203.157.193.82:3128
You may also want to expand your '!' section to include your local network, as I assume you don't really want to redirect locally hosted content to your cache.
When I telnet visolve.com from the client system : 203.157.193.86 I get the following output in the tcpdump, but no entries in the access.log.
I have also tried REDIRECT instead of DNAT; it failed.
I think you're already on the right track, just make some small changes.
Reuben
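
A pre-flight check for two points made in the reply above (load only one of ip_gre and ip_wccp; kernels from 2.6.10 on carry WCCP/GRE support in ip_gre), added here as an example and not part of the original thread. The function names are hypothetical, and the modules file is assumed to be in /proc/modules format.

```shell
#!/bin/sh
# Added example, not from the thread. File and release arguments default to
# the live system; pass saved copies to check another machine's state.

# Succeeds if module $1 appears in a /proc/modules-format file ($2).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Prints which of the two modules is loaded: ip_gre, ip_wccp, both, none.
wccp_module_state() {
    f="${1:-/proc/modules}"
    gre=no; wccp=no
    module_loaded ip_gre "$f" && gre=yes
    module_loaded ip_wccp "$f" && wccp=yes
    case "$gre$wccp" in
        yesyes) echo both ;;
        yesno)  echo ip_gre ;;
        noyes)  echo ip_wccp ;;
        *)      echo none ;;
    esac
}

# Succeeds if kernel release $1 is 2.6.10 or later, the threshold the reply
# gives for WCCP/GRE support being built into ip_gre.
kernel_has_wccp_gre() {
    echo "$1" | awk -F'[.-]' '{
        ok = ($1 > 2) || ($1 == 2 && $2 > 6) || ($1 == 2 && $2 == 6 && $3 + 0 >= 10)
        exit !ok
    }'
}

# Prints one finding per line for modules file $1 and kernel release $2.
wccp_preflight() {
    rel="${2:-$(uname -r)}"
    state=$(wccp_module_state "${1:-/proc/modules}")
    case "$state" in
        both) echo "WARN: ip_gre and ip_wccp are both loaded; load only one" ;;
        none) echo "WARN: neither ip_gre nor ip_wccp is loaded" ;;
        *)    echo "OK: only $state is loaded" ;;
    esac
    if kernel_has_wccp_gre "$rel"; then
        echo "OK: kernel $rel is 2.6.10 or later; unpatched ip_gre is enough"
    else
        echo "WARN: kernel $rel predates 2.6.10; upgrade or use the ip_wccp patch"
    fi
}
```

Source the file and run `wccp_preflight` with no arguments on the cache machine to check the live kernel and module list.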
