Jiffy 1111 wrote:
Hi, all,

In a nutshell, I am trying to install squid as a third proxy to alleviate some 
pressure from our two Bluecoat proxies into a currently working wccpv2 
configuration.
We now have 5000+ users.

My current squid configuration works perfectly fine in explicit mode.
The problem I am having is that squid can't seem to join the wccp service 
groups.
I've tried the configuration examples from 
http://wiki.squid-cache.org/ConfigExamples/ to no avail.

We have two Cisco 6513's in our core and we are using wccp to load balance 
between the proxies.

I'm posting my sanitized configs hoping someone can shed some light on this and 
show me what my squid.conf, iptables and network interfaces should look like.
I would also appreciate any recommended settings for memory and disk use based 
on the hardware spec I am posting. This server will be dedicated to squid.

Server:
cat /etc/redhat-release
Fedora release 12 (Constantine)

rpm -qa squid
squid-3.1.1-1.fc12.i686

4 x Intel(R) Xeon(R) CPU 5160  @ 3.00GHz

free -m
     total
Mem: 7991
600 Gig on /var

ip tunnel add wccp1 mode gre remote x.x.0.1 local x.x.1.77 dev eth0
ifconfig wccp1 inet x.x.1.76 netmask 255.255.255.192 up

ifconfig
eth0
inet addr:x.x.1.77  Bcast:x.x.1.127  Mask:255.255.255.192

wccp1
inet addr:x.x.1.76  P-t-P:x.x.1.76  Mask:255.255.255.192

iptables:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
iptables -F -t nat
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.1.77:55555
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 20 -j DNAT --to-destination x.x.1.77:20
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 21 -j DNAT --to-destination x.x.1.77:21
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination x.x.1.77:443
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 1755 -j DNAT --to-destination x.x.1.77:1755
iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 7070 -j DNAT --to-destination x.x.1.77:7070


DNAT used on TCP links (only) with no sign of a matching source fix-up (MASQUERADE or SNAT).

Everything else looks good at a quick glance.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.3
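
A check for the condition raised in the reply above, as an added example that is not part of the original thread: it reads `iptables-save` output and reports PREROUTING DNAT rules when the nat table has no POSTROUTING SNAT or MASQUERADE rule. The function name, the sample rulesets and the 192.0.2.x addresses are constructed for illustration; the interface name and ports follow the posted rules.

```shell
#!/bin/sh
# Constructed sample rulesets in iptables-save format (addresses are placeholders).
RULES_DNAT_ONLY='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.77:55555
-A PREROUTING -i wccp1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.0.2.77:443
COMMIT'

RULES_WITH_FIXUP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.77:55555
-A POSTROUTING -j MASQUERADE
COMMIT'

# check_nat_fixup (hypothetical helper): reads iptables-save output on stdin.
# If the nat table has PREROUTING DNAT rules but no POSTROUTING SNAT or
# MASQUERADE rule, prints each DNAT rule and returns 1; otherwise returns 0.
check_nat_fixup() {
    awk '
        # Track which table section we are in; only *nat is of interest.
        /^\*/ { in_nat = ($0 == "*nat"); next }
        !in_nat { next }
        /^-A PREROUTING / && / -j DNAT /                        { dnat[++n] = $0 }
        /^-A POSTROUTING / && / -j (SNAT|MASQUERADE)( |$)/      { fixup = 1 }
        END {
            if (n > 0 && !fixup) {
                for (i = 1; i <= n; i++) print "no source fix-up for: " dnat[i]
                exit 1
            }
        }
    '
}

# Demo on the constructed DNAT-only ruleset; on a live host the input would be
# the output of: iptables-save -t nat
printf '%s\n' "$RULES_DNAT_ONLY" | check_nat_fixup || true
```
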
