[squid-users] Assistance with WCCPv2 Setup with Cisco Router

Waldon, Cooper cwaldon at otn.ca
Wed Mar 22 02:28:31 UTC 2017


Sorry, I didn't see your original reply.


I will look into these issues and troubleshoot further, thank you.


Cooper


________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of squid-users-request at lists.squid-cache.org <squid-users-request at lists.squid-cache.org>
Sent: Tuesday, March 21, 2017 3:14 PM
To: squid-users at lists.squid-cache.org
Subject: squid-users Digest, Vol 31, Issue 67

Today's Topics:

   1. Re: Assistance with WCCPv2 Setup with Cisco Router (Yuri Voinov)


----------------------------------------------------------------------

Message: 1
Date: Wed, 22 Mar 2017 01:14:19 +0600
From: Yuri Voinov <yvoinov at gmail.com>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Assistance with WCCPv2 Setup with Cisco
        Router
Message-ID: <d33498f4-3dfc-4fe2-2a35-3a64f4a08d24 at gmail.com>
Content-Type: text/plain; charset="utf-8"

Ah, forgot about this:

http://wiki.squid-cache.org/ConfigExamples/Intercept


22.03.2017 1:04, Waldon, Cooper wrote:
>
> Hello All,
>
>
>
> I’m trying to set up a transparent proxy for http and https using
> Cisco Routers and Squid.  I have followed the configuration examples
> that are listed under the wccp2 overview section
> (http://wiki.squid-cache.org/Features/Wccp2) of the squid wiki but I’m
> still having some issues.
>
>
>
> I have a little lab set up with a Cisco 7200 Router and a VM with
> CentOS running the proxy.
>
>
>
> The “WAN” IP of the Router is 192.168.0.23.  The IP of the Squid Proxy
> is 192.168.0.24 and both have the default gateway of 192.168.0.1 which
> is the “ISP”
>
>
>
> The Client is sitting on a LAN behind the Router in the 10.10.10.0/24
> subnet and is also sitting behind nat.
>
>
>
> I believe that the router and proxy are communicating properly based
> on the information in the show ip wccp command on the router as it
> shows clients and routers as well as showing that packets are being
> forwarded:
>
>
>
> R3#show ip wccp
> Global WCCP information:
>     Router information:
>         Router Identifier:                   192.168.0.23
>         Configured source-interface:         GigabitEthernet5/0
>
>     Service Identifier: web-cache
>         Protocol Version:                    2.00
>         Number of Service Group Clients:     1
>         Number of Service Group Routers:     1
>         Total Packets Redirected:            1079
>           Process:                           0
>           CEF:                               1079
>         Service mode:                        Open
>         Service Access-list:                 -none-
>         Total Packets Dropped Closed:        0
>         Redirect access-list:                100
>         Total Packets Denied Redirect:       0
>         Total Packets Unassigned:            0
>         Group access-list:                   10
>         Total Messages Denied to Group:      0
>         Total Authentication failures:       0
>         Total GRE Bypassed Packets Received: 0
>           Process:                           0
>           CEF:                               0
>        GRE tunnel interface:                Tunnel1
>
>     Service Identifier: 70
>         Protocol Version:                    2.00
>         Number of Service Group Clients:     1
>         Number of Service Group Routers:     1
>         Total Packets Redirected:            500
>           Process:                           0
>           CEF:                               500
>         Service mode:                        Open
>         Service Access-list:                 -none-
>         Total Packets Dropped Closed:        0
>         Redirect access-list:                100
>         Total Packets Denied Redirect:       0
>         Total Packets Unassigned:            0
>         Group access-list:                   10
>         Total Messages Denied to Group:      0
>         Total Authentication failures:       0
>         Total GRE Bypassed Packets Received: 0
>           Process:                           0
>           CEF:                               0
>         GRE tunnel interface:                Tunnel0
>
>
>
> Here is the relevant squid wccp configuration:
>
>
>
> ----Output removed----
>
> # Squid normally listens to port 3128
> http_port 3128
> http_port 0.0.0.0:3129
>
> # WCCPv2 Parameters
> wccp2_router 192.168.0.23
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_assignment_method hash
> wccp2_service standard 0
> wccp2_service dynamic 70
> wccp2_service_info 70 protocol=tcp flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=231 ports=443
>
> ----Output removed----
>
>
>
> I think that the issue lies with the iptables configuration as I do
> not see any packets being processed in the nat table.  I have tried a
> few different methods such as:
>
> iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3129
> iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 443 -j REDIRECT --to-port 3129
> iptables -t nat -A POSTROUTING -j MASQUERADE
>
> or
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.24:3129
> iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.0.24:3129
> iptables -t nat -A POSTROUTING -j MASQUERADE
>
>
>
> I have also tried adding ACCEPT commands to the PREROUTING zone just
> in case the proxy is dropping the packets right away but that also
> doesn’t work.
>
>
>
> The proxy functions perfectly when the client is configured to use a
> proxy so there doesn’t appear to be any issues with routing or
> anything like that, it’s just the transparent proxying that isn’t working.
>
>
>
> If anyone has any suggestions of what I could try that would be
> greatly appreciated.  Let me know if anything is unclear or if you
> need further clarification.
>
>
>
> Thank you,
>
> Cooper Waldon
>
>
>
>
>
> Cooper Waldon | Network Engineer | OTN | 416-446-4110 x 4473 | www.otn.ca
> <http://www.otn.ca/> | Service Desk 1-855-654-0888 x2
>
>
>
>
>

--
Bugs to the Future
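
An added example, not part of the original thread and not Squid project code: a small Python check that cross-references the `http_port` lines and the REDIRECT rules quoted above, and flags redirect targets that are not declared with Squid's `intercept` flag, the listening mode that the linked ConfigExamples/Intercept pages deal with. The function names and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input: the ports and the first rule variant quoted in the thread.
SQUID_CONF = """\
http_port 3128
http_port 0.0.0.0:3129
"""
IPTABLES_RULES = """\
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 443 -j REDIRECT --to-port 3129
"""

def listening_ports(conf):
    """Map port -> (directive, option words) for http_port/https_port lines."""
    ports = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] in ("http_port", "https_port"):
            port = int(words[1].rsplit(":", 1)[-1])  # accepts "3129" and "ip:3129"
            ports[port] = (words[0], set(words[2:]))
    return ports

def redirects(rules):
    """Yield (dport, to_port) for every REDIRECT rule."""
    for line in rules.splitlines():
        m = re.search(r"--dport\s+(\d+).*-j\s+REDIRECT\s+--to-ports?\s+(\d+)", line)
        if m:
            yield int(m.group(1)), int(m.group(2))

def audit(conf, rules):
    """Return findings for REDIRECT targets Squid cannot serve as intercepted traffic."""
    findings = []
    if re.search(r"[\u2013\u2014]", rules):  # en/em dash pasted from a mail client
        findings.append("rules contain a typographic dash; iptables options need ASCII '--'")
    ports = listening_ports(conf)
    for dport, to_port in redirects(rules):
        directive, opts = ports.get(to_port, (None, set()))
        if directive is None:
            findings.append(f"dport {dport}: nothing listens on {to_port}")
        elif "intercept" not in opts:
            findings.append(f"dport {dport}: {directive} {to_port} lacks 'intercept'")
        elif dport == 443 and directive != "https_port":
            findings.append(f"dport 443: TLS redirected to plain http_port {to_port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SQUID_CONF, IPTABLES_RULES):
        print(finding)
```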