Henrik,
I will give that a shot. Is there any reason why this isn't in the FAQ?
This is the first place i checked when my config didn't work.
Thanks,
Bryan
On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote:
> ons 2006-07-19 klockan 07:25 +0700 skrev tino:
> > RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent
> > vhost vport=80
>
> why vhost and vport=80? These are for accelerator/reverse proxy mode,
> not Internet proxies.. The transparent keyword takes care of all which
> is needed in transparent interception.
>
>
> > #-at squid:
> > insmod ip_gre
> > ifconfig gre0 up
> > ip addr add 172.0.0.2 255.255.255.252 dev gre0
>
> I would say it's better to create a new GRE tunnel for the router.
>
> ip tunnel add wccp mode gre remote ip.of.router
> ip addr add proxy.server.ip/32 dev wccp
> ip link set wccp up
>
> and intercepted packets redirected by the router should be coming in on
> the virtual wccp interface, where they can easily be redirected to Squid
>
> iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128
>
> You quite likely also need to disable reverse-path lookups on the wccp
> interface
>
> echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
>
>
> IP forwarding does not need to be enabled.
>
> Regards
> Henrik
Received on Wed Jul 19 2006 - 13:53:41 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT