<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<p>Sorry, I didn't see your original reply. </p>
<p><br>
</p>
<p>I will look into these issues and troubleshoot further, thank you.</p>
<p><br>
</p>
<p>Cooper</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of squid-users-request@lists.squid-cache.org <squid-users-request@lists.squid-cache.org><br>
<b>Sent:</b> Tuesday, March 21, 2017 3:14 PM<br>
<b>To:</b> squid-users@lists.squid-cache.org<br>
<b>Subject:</b> squid-users Digest, Vol 31, Issue 67</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Send squid-users mailing list submissions to<br>
squid-users@lists.squid-cache.org<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0">
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0</a><br>
or, via email, send a message with subject or body 'help' to<br>
squid-users-request@lists.squid-cache.org<br>
<br>
You can reach the person managing the list at<br>
squid-users-owner@lists.squid-cache.org<br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Assistance with WCCPv2 Setup with Cisco Router (Yuri Voinov)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 22 Mar 2017 01:14:19 +0600<br>
From: Yuri Voinov <yvoinov@gmail.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Assistance with WCCPv2 Setup with Cisco<br>
Router<br>
Message-ID: <d33498f4-3dfc-4fe2-2a35-3a64f4a08d24@gmail.com><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Ah, forgot about this:<br>
<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.squid-cache.org%2FConfigExamples%2FIntercept&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=EPs3eDmARBmwyp8VES4Ret7aO8ZlIQ7H1LRZKC7lUQQ%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.squid-cache.org%2FConfigExamples%2FIntercept&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=EPs3eDmARBmwyp8VES4Ret7aO8ZlIQ7H1LRZKC7lUQQ%3D&reserved=0</a><br>
<br>
<br>
22.03.2017 1:04, Waldon, Cooper ïèøåò:<br>
><br>
> Hello All,<br>
><br>
> <br>
><br>
> I’m trying to set up a transparent proxy for http and https using<br>
> Cisco Routers and Squid. I have followed the configuration examples<br>
> that are listed under the wccp2 overview section<br>
> (<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.squid-cache.org%2FFeatures%2FWccp2&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=kEcy58RMI6q8cV0SzQacGAjm6q5NsSGO%2By8PRmvUf5w%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.squid-cache.org%2FFeatures%2FWccp2&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=kEcy58RMI6q8cV0SzQacGAjm6q5NsSGO%2By8PRmvUf5w%3D&reserved=0</a>)
of the squid wiki but I’m<br>
> still having some issues.<br>
><br>
> <br>
><br>
> I have a little lab set up with a Cisco 7200 Router and a VM with<br>
> CentOS running the proxy.<br>
><br>
> <br>
><br>
> The “WAN” IP of the Router is 192.168.0.23. The IP of the Squid Proxy<br>
> is 192.168.0.24 and both have the default gateway of 192.168.0.1 which<br>
> is the “ISP”<br>
><br>
> <br>
><br>
> The Client is sitting on a LAN behind the Router in the 10.10.10.0/24<br>
> subnet and is also sitting behind nat.<br>
><br>
> <br>
><br>
> I believe that the router and proxy are communicating properly based<br>
> on the information in the show ip wccp command on the router as it<br>
> shows clients and routers as well as showing that packets are being<br>
> forwarded:<br>
><br>
> <br>
><br>
> R3#show ip wccp<br>
><br>
> Global WCCP information:<br>
><br>
> Router information:<br>
><br>
> Router Identifier: 192.168.0.23<br>
><br>
> Configured source-interface: GigabitEthernet5/0<br>
><br>
> <br>
><br>
> Service Identifier: web-cache<br>
><br>
> Protocol Version: 2.00<br>
><br>
> Number of Service Group Clients: 1<br>
><br>
> Number of Service Group Routers: 1<br>
><br>
> Total Packets Redirected: 1079<br>
><br>
> Process: 0<br>
><br>
> CEF: 1079<br>
><br>
> Service mode: Open<br>
><br>
> Service Access-list: -none-<br>
><br>
> Total Packets Dropped Closed: 0<br>
><br>
> Redirect access-list: 100<br>
><br>
> Total Packets Denied Redirect: 0<br>
><br>
> Total Packets Unassigned: 0<br>
><br>
> Group access-list: 10<br>
><br>
> Total Messages Denied to Group: 0<br>
><br>
> Total Authentication failures: 0<br>
><br>
> Total GRE Bypassed Packets Received: 0<br>
><br>
> Process: 0<br>
><br>
> CEF: 0<br>
><br>
> GRE tunnel interface: Tunnel1<br>
><br>
> <br>
><br>
> Service Identifier: 70<br>
><br>
> Protocol Version: 2.00<br>
><br>
> Number of Service Group Clients: 1<br>
><br>
> Number of Service Group Routers: 1<br>
><br>
> Total Packets Redirected: 500<br>
><br>
> Process: 0<br>
><br>
> CEF: 500<br>
><br>
> Service mode: Open<br>
><br>
> Service Access-list: -none-<br>
><br>
> Total Packets Dropped Closed: 0<br>
><br>
> Redirect access-list: 100<br>
><br>
> Total Packets Denied Redirect: 0<br>
><br>
> Total Packets Unassigned: 0<br>
><br>
> Group access-list: 10<br>
><br>
> Total Messages Denied to Group: 0<br>
><br>
> Total Authentication failures: 0<br>
><br>
> Total GRE Bypassed Packets Received: 0<br>
><br>
> Process: 0<br>
><br>
> CEF: 0<br>
><br>
> GRE tunnel interface: Tunnel0<br>
><br>
> <br>
><br>
> Here is the relevant squid wccp configuration:<br>
><br>
> <br>
><br>
> ----Output removed----<br>
><br>
> # Squid normally listens to port 3128<br>
><br>
> http_port 3128<br>
><br>
> http_port 0.0.0.0:3129<br>
><br>
> <br>
><br>
> # WCCPv2 Parameters<br>
><br>
> wccp2_router 192.168.0.23<br>
><br>
> wccp2_forwarding_method 1<br>
><br>
> wccp2_return_method 1<br>
><br>
> wccp2_assignment_method hash<br>
><br>
> wccp2_service standard 0<br>
><br>
> wccp2_service dynamic 70<br>
><br>
> wccp2_service_info 70 protocol=tcp<br>
> flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=231 ports=443<br>
><br>
> <br>
><br>
> ---Output remove----<br>
><br>
> <br>
><br>
> I think that the issue lies with the iptables configuration as I do<br>
> not see any packets been processed in the nat table. I have tried a<br>
> few different methods such as:<br>
><br>
> <br>
><br>
> iptables -t nat -A PREROUTING -i wccp0 -p tcp –dport 80 -j REDIRECT<br>
> –to-port 3129<br>
><br>
> iptables -t nat -A PREROUTING -i wccp0 -p tcp –dport 443 -j REDIRECT<br>
> –to-port 3129<br>
><br>
> iptables -t nat -A POSTROUTING -j MASQUERADE<br>
><br>
> <br>
><br>
> or<br>
><br>
> <br>
><br>
> iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination<br>
> 192.168.0.24:3129<br>
><br>
> iptables -t nat -A PREROUTING -p tcp –dport 443 -j DNAT<br>
> –to-destination 192.168.0.24:3129<br>
><br>
> iptables -t nat -A POSTROUTING -j MASQUERADE<br>
><br>
> <br>
><br>
> I have also tried adding ACCEPT commands to the PREROUTING zone just<br>
> in case the proxy is dropping the packets right away but that also<br>
> doesn’t work.<br>
><br>
> <br>
><br>
> The proxy functions perfectly when the client is configured to use a<br>
> proxy so there doesn’t appear to be any issues with routing or<br>
> anything like that, it’s just the transparent proxying that isn’t working.<br>
><br>
> <br>
><br>
> If anyone has any suggestions of what I could try that would be<br>
> greatly appreciated. Let me know if anything is unclear or if you<br>
> need further clarification.<br>
><br>
> <br>
><br>
> Thank you,<br>
><br>
> Cooper Waldon<br>
><br>
> <br>
><br>
> <br>
><br>
> *Cooper Waldon** **l **Network<br>
> Engineer** **l****OTN****l****416-446-4110 x 4473 **l** **www.otn.ca*<br>
> <<a href="http://www.otn.ca/">http://www.otn.ca/</a>>***|****Service Desk 1-855-654-0888 x2*<br>
><br>
> <br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> squid-users@lists.squid-cache.org<br>
> <a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0">
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0</a><br>
<br>
-- <br>
Bugs to the Future<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.html&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=%2BdRlah9JgnWfvUSTiulB%2BaTWQXY%2BNmyP%2BsAa4A%2FXL%2BU%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.html&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=%2BdRlah9JgnWfvUSTiulB%2BaTWQXY%2BNmyP%2BsAa4A%2FXL%2BU%3D&reserved=0</a>><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: 0x613DEC46.asc<br>
Type: application/pgp-keys<br>
Size: 2437 bytes<br>
Desc: not available<br>
URL: <<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.key&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=CnmuhfgaBl5NFNuEp0C9VqbOuFAhlX32zIehczGNRl8%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.key&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=CnmuhfgaBl5NFNuEp0C9VqbOuFAhlX32zIehczGNRl8%3D&reserved=0</a>><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: signature.asc<br>
Type: application/pgp-signature<br>
Size: 473 bytes<br>
Desc: OpenPGP digital signature<br>
URL: <<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.sig&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=z1x4mb0FAeJqa0WPXZdnHuKgXc8BLAVL6INMTfquOaY%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.sig&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=z1x4mb0FAeJqa0WPXZdnHuKgXc8BLAVL6INMTfquOaY%3D&reserved=0</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0</a><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 31, Issue 67<br>
*******************************************<br>
</div>
</span></font></div>
</div>
</body>
</html>