Re: [squid-users] 2.6S1 WCCP2 problems

ons 2006-07-19 klockan 07:25 +0700 skrev tino:
> RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent
> vhost vport=80

why vhost and vport=80? These are for accelerator/reverse proxy mode,
not Internet proxies.. The transparent keyword takes care of all which
is needed in transparent interception.

> #-at squid:
> insmod ip_gre
> ifconfig gre0 up
> ip addr add 172.0.0.2 255.255.255.252 dev gre0

I would say it's better to create a new GRE tunnel for the router.

ip tunnel add wccp mode gre remote ip.of.router
ip addr add proxy.server.ip/32 dev wccp
ip link set wccp up

and intercepted packets redirected by the router should be coming in on
the virtual wccp interface, where they can easily be redirected to Squid

iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128

You quite likely also need to disable reverse-path lookups on the wccp
interface

echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter

IP forwarding does not need to be enabled.

Regards
Henrik