Hello,

I have been trying to get WCCPv2 and Ubuntu to talk now for about 2 days
and it's driving me nutz! The GRE tunnel is established with my Cisco router
and I'm receiving TCP port 80 requests over it, but when tailing the message
log I never see anything in there. I confirmed I was getting the packets
using tcpdump on the wccp0 interface. I believe it is a NAT redirect issue,
but can't seem to figure out where. Please look at the following and let me
know if I am doing something wrong. Also, it works when I hard code my
browser to the Squid Proxy because I set up a test dstdomain and it blocked
it.

Thanks in advance!
Ubuntu 12.04:
modprobe ip_gre
ip tunnel add wccp0 mode gre remote 172.29.0.1 local 172.29.0.55 dev eth0
ifconfig wccp0 172.29.0.55 netmask 255.255.255.255 up
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.29.0.55:3128
echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE

Squid 3.1:
root@dude-AOA150:~# more /etc/squid3/squid.conf
http_port 3128 transparent
wccp2_router 172.29.0.1
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl bad-sites dstdomain .nascar.com
http_access allow manager localhost
http_access deny bad-sites
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

Cisco 831:
mustang-gt#sh run int e0
Building configuration...
Current configuration : 288 bytes
!
interface Ethernet0
description connection to lan
ip address 172.29.0.1 255.255.255.0
ip access-group internal-ingress in
ip wccp web-cache redirect in
no ip redirects
no ip unreachables
ip nat inside
ip inspect inbound in
ip virtual-reassembly
load-interval 30
end
mustang-gt#sh run | i wccp
ip wccp web-cache redirect-list 120
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Cant-get-WCCPv2-to-work-with-Ubuntu-12-04-and-Cisco-831-SOHO-tp4655712.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Mon Jul 09 2012 - 21:33:25 MDT
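
Added example, not part of the original post: a shell check for one thing the commands in the message leave open. On Linux the kernel applies the higher of conf/all/rp_filter and the per-interface value, so the two "echo 0" lines only take effect if conf/all/rp_filter is also 0. PROC_ROOT and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original post).
# PROC_ROOT is a hypothetical override so the functions can be pointed at a
# constructed directory tree; on a live host it defaults to /proc/sys.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"

# Print the value of one sysctl file, or "missing" if it cannot be read.
read_sysctl() {
    if [ -r "$PROC_ROOT/$1" ]; then
        tr -d ' \t\n' < "$PROC_ROOT/$1"
    else
        echo missing
    fi
}

# Source validation on an interface uses the HIGHER of
# conf/all/rp_filter and conf/<iface>/rp_filter; print that maximum.
effective_rp_filter() {
    all=$(read_sysctl net/ipv4/conf/all/rp_filter)
    ifc=$(read_sysctl "net/ipv4/conf/$1/rp_filter")
    if [ "$all" = missing ] || [ "$ifc" = missing ]; then
        echo missing
        return 1
    fi
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Report each interface given as an argument. Returns non-zero if any of
# them still has reverse-path filtering active or cannot be read.
check_wccp_host() {
    rc=0
    for i in "$@"; do
        eff=$(effective_rp_filter "$i") || true
        echo "$i: effective rp_filter=$eff"
        [ "$eff" = 0 ] || rc=1
    done
    echo "ip_forward=$(read_sysctl net/ipv4/ip_forward)"
    return $rc
}

# When run with interface names (for the setup in the post: wccp0 eth0),
# perform the check against the live /proc/sys.
if [ "$#" -gt 0 ]; then
    check_wccp_host "$@"
fi
```

The per-rule packet counters printed by `iptables -t nat -L PREROUTING -v -n` show whether the redirected packets reach the NAT rules at all.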