As a first step, I recommend you check GRE. Turn off WCCP on your router, configure and test a GRE tunnel interface between the Cisco and the Squid box. I heard that FreeBSD 4.9 and 5.1 have broken GRE.
> On Mon, Jan 26, 2004 at 01:42:30PM +1030, Adam Smith said:
> > On Sun, Jan 25, 2004 at 11:46:34PM +0200, Roman Synyuk said:
> > > Hello.
> > >
> > > You need to configure forwarding incoming packets from GRE interface
> > > to squid process:
> > >
> > > # ipfw add fwd 127.0.0.1,3128 ip from any to any via gre0 in
> > > # ipfw add permit ip from any to any
> >
> > I tried this, however I'm still not seeing it work, and now I have more
> > questions!
> >
> > IPFW:
> >
> > I am now counting any packets on my GRE rule:
>
> Sorry, "now" should read "not".
>
> > 01300 0 0 fwd 127.0.0.1,3128 ip from any to any via gre0 in
> >
> > I'm also not entirely sure at which level of my firewall rules I should be
> > inserting this rule. I've tried just before "allow ip from me to any" and
> > I've tried right at the very start but still, no packets are counted.
> >
> > CISCO 837:
> >
> > Which interface am I actually supposed to be running the WCCP redirect on?
> > I'm starting to think it should be on my Ethernet0 interface, as this is
> > where the GRE tunnel ends. It sorta makes better sense. Adding the
> > wccp-redirect lines to it doesn't make any difference though -- users can
> > still get out without anything going back to the proxy.
> >
> > If users are getting through, does this mean the wccp redirect is failing
> > at the router end?
> >
> > Thanks for any pointers.
> >
