On Sun, 24 Feb 2008, Adrian Chadd wrote:
> There's only a small number of things you have to do to setup WCCPv2.
>
> * configure/compile squid with the relevant transparent interception option.
> For you its --enable-linux-netfilter IIRC.
> * enable ip forwarding in linux
> * create gre
> * point GRE endpoint at your router's WCCPv2 routerid - use a loopback
> interface on the Cisco for now, that'll make it much, much more predictable
> as the wccpv2 routerid is then always loopback id
> * for ease of testing, make sure no iptables rules exist, then add:
>
> iptables -A PREROUTING -i <gre interface> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>
I have much simpler setup working on CentOS x86_64 2.6.23 and cisco
7204VXR IOS version 12.2(46a). squid version 2.6 STABLE17:
* recompile kernel with CONFIG_NET_IPGRE=m
* compile squid with wccpv2 support
* setup gre0 interface with some unused private IP assigned to it
* intercept in iptables :-
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
As Henrik suggested me during this setup, IPGRE module in kernel
automatically decapsulates the gre packets on the gre0 interface and it
has been doing it so far.
gre0 Link encap:UNSPEC HWaddr
00-00-00-00-FF-F8-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.172.2 Mask:255.255.255.252
UP RUNNING NOARP MTU:1476 Metric:1
RX packets:1970129052 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:3666 dropped:0 overruns:0 carrier:0
collisions:3666 txqueuelen:0
RX bytes:305795313631 (284.7 GiB) TX bytes:0 (0.0 b)
[root@dns2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-gre0
DEVICE=gre0
BOOTPROTO=static
BROADCAST=192.168.172.3
IPADDR=192.168.172.2
NETMASK=255.255.255.252
NETWORK=192.168.172.0
ONBOOT=yes
TYPE=Ethernet
This setup has been working nicely for me.
Manoj
>
>
>
> Adrian
>
--Received on Sun Feb 24 2008 - 23:53:23 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST