[squid-users] Squid and WCCP2 with cisco 1800 series router

From: Tux Mason <tuxmason_at_gmail.com>
Date: Mon, 23 May 2011 09:39:45 +0300

Hello Amos,

Thanks for the prompt reply.

The only NAT I have in place is on the router and squid box. On the
router I have

ip nat inside source list 1 interface FastEthernet0/1 overload

and on the squid box I have,

iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128

Much as the client request gets to the squid box, nothing is written
to squid's access.log. I receive connection timeouts when I try
surfing on one of the client machines.

Using squid 3.1.12 on Slackware 13.1.

> You seem to mistake how WCCP works. It is a tunnel, where the HTTP packets
> entering the Cisco router get sent *unchanged* to the Squid box for
> handling. Exactly as if you had plugged the Squid box in as a second router
> or bridge between the Cisco and clients.
>
> Don't worry about it. The global connections will go back to the Cisco
> with the Squid box IP and then go through whatever border NAT you have in
> place. The private client IP will never touch the global Internet directly.
>
> As it stands you can track the internal LAN PC behaviour directly from the
> Squid logs without having to record and lookup NAT conversions after the
> fact.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.7 and 3.1.12.1
>
Received on Mon May 23 2011 - 06:39:53 MDT
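
What the quoted description of WCCP as a tunnel looks like on the wire, as an added example that is not part of the original thread: it builds a constructed WCCP2 GRE packet (GRE protocol type 0x883E followed by the 4-octet WCCPv2 redirect header) and decapsulates it, showing that the inner packet still carries the client's source address and the origin server's address and port. All addresses and ports are made-up sample values, and the function names are this example's own.

```python
import socket
import struct

IPPROTO_GRE = 47              # IP protocol number for GRE
GRE_PROTO_WCCP2 = 0x883E      # GRE protocol type a WCCP2 router uses
WCCP2_REDIRECT_HDR_LEN = 4    # WCCPv2 redirect header that follows the GRE header

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_sample():
    # Constructed packet: client 10.0.0.5 -> origin 198.51.100.7:80, redirected
    # by router 192.0.2.1 to cache 192.0.2.10 (all addresses are made up).
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    inner = ipv4_header("10.0.0.5", "198.51.100.7", socket.IPPROTO_TCP, len(tcp)) + tcp
    gre = struct.pack("!HH", 0, GRE_PROTO_WCCP2) + bytes(WCCP2_REDIRECT_HDR_LEN)
    outer = ipv4_header("192.0.2.1", "192.0.2.10", IPPROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner

def parse_ipv4(buf):
    # Return (src, dst, protocol, payload) of an IPv4 packet.
    ihl = (buf[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20])
    return src, dst, buf[9], buf[ihl:]

def decapsulate(packet):
    """Return outer and inner addressing of a WCCP2 GRE-redirected packet."""
    o_src, o_dst, proto, rest = parse_ipv4(packet)
    if proto != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    flags, gre_proto = struct.unpack("!HH", rest[:4])
    if flags & 0xB000:
        raise ValueError("GRE optional fields are not handled in this example")
    if gre_proto != GRE_PROTO_WCCP2:
        raise ValueError("GRE payload is not WCCP2 redirection")
    i_src, i_dst, i_proto, l4 = parse_ipv4(rest[4 + WCCP2_REDIRECT_HDR_LEN:])
    if i_proto != socket.IPPROTO_TCP:
        raise ValueError("inner packet is not TCP")
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"outer": (o_src, o_dst),
            "inner_src": (i_src, sport), "inner_dst": (i_dst, dport)}

if __name__ == "__main__":
    print(decapsulate(build_sample()))
```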
