[squid-users] help for my intercept proxy setup
maileh
maile.halatuituia at tcc.to
Tue Apr 26 21:05:00 UTC 2016
Hi
Here is my router wccp config
In global config i enable ip wccp
#ip wccp web-cache redirect-list WCCP_HTTP
#ip wccp 70 redirect-list WCCP_HTTPS
Interface facing my Clients and also Squid is in the same subnet
int g0/0.904
ip wccp web-cache redirect out
ip wccp 70 redirect out.
Verification
#sh ip wccp sum
WCCP version 2 enabled, 2 services
Service Clients Routers Assign Redirect Bypass
------- ------- ------- ------ -------- ------
Default routing table (Router Id: x.x.x.x):
web-cache 1 1 HASH GRE GRE
70 1 1 HASH GRE GRE
#sh tunnel groups wccp
WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
intf: Tunnel2, locally sourced
WCCP : service group 326 in "Default", ver v2, assgnmnt: hash-table
intf: Tunnel0, locally sourced
#sh adjacency tunnel 0 detail
Protocol Interface Address
IP Tunnel0 10.240.0.30(3)
connectionid 1
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 31
Encap length 28
4500000000000000FF2FC732CA861F08
0AF0001E0000883E01460000
Tun endpt
Next chain element:
IP adj out of GigabitEthernet0/0.904,
addr 10.240.0.30
#sh adjacency tunnel 2 detail
Protocol Interface Address
IP Tunnel2 10.240.0.30(3)
connectionid 1
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 32
Encap length 28
4500000000000000FF2FC732CA861F08
0AF0001E0000883E00000000
Tun endpt
Next chain element:
IP adj out of GigabitEthernet0/0.904,
addr 10.240.0.30
#sh ip wccp web-cache detail
WCCP Client information:
WCCP Client ID: 10.240.0.30
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets s/w Redirected: 0
Connect Time: 00:08:42
GRE Bypassed Packets
Process: 0
CEF: 0
Errors: 0
If you can see all seems to be established between the router and squid box
but no PACKET has been redirected.
For my IOS
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
It's been over two weeks now and i seems to looking everywhere but no luck.
Also here is my iptables rules for you info whch run on ubuntu 14.04 with
squid
# squid -v
Squid Cache: Version 3.5.16
Service Name: squid
Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC Production
configure options: '--prefix=/usr/local' '--enable-translation'
'--enable-external-acl-helpers=none' '--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap' '--enable-wccp2'
'--enable-follow-x-forwarded-for' '--enable-cache-digests'
'--enable-auth-negotiate=none' '--disable-auth-digest' '--disable-auth-ntlm'
'--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
'--enable-log-daemon-helpers=file' '--with-openssl=/usr/local'
'--enable-ssl' '--enable-ssl-crtd' '--enable-zph-qos' '--enable-snmp'
'--enable-inline' '--with-dl' '--with-build-environment=POSIX_V6_LP64_OFF64'
'CFLAGS=-O3 -m64 -pipe' 'CXXFLAGS=-O3 -m64 -pipe'
'LIBOPENSSL_CFLAGS=-I/usr/local/include'
'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig' '--disable-strict-error-checking'
'--enable-build-info=Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC
Production'
IPtables Rules for redirection to squid ports
-A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
-A PREROUTING -i wccp0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
-A POSTROUTING -j MASQUERADE
Appreciate you kind asistance ....
hanks in advance
Maile
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list