[squid-users] Issues with Debian, Squid and WCCP

From: Andrew Yoward <[email protected]>
Date: Thu, 13 Jul 2006 17:17:24 +0100

Greetings,

I am wondering if you could shed some light on a rather tricky issue
that I am having. I have a local education authority who are
experiencing a lot of traffic on their internet pipe and often find that
it is used to the max. We are wanting to introduce a transparent cache
for http and so we thought that Squid and WCCP would be the answer to
our prayers, but I am having great difficulty in getting any traffic to
go through the Squid. Here is what I am trying to do in the lab.
My client has no setting in Firefox for a proxy and is on
192.168.250.1/24 and gw is 192.168.250.254. I have a Cisco 2600 router
with two FE ports. One is configured with 192.168.250.254/24, the other
is configured as 10.3.65.4/24. It is running IOS 12.3(6c). My proxy is
built on Debian Sarge and a 2.6.8 kernel. Squid is version
2.5.9-10sarge2. The proxy has 10.3.65.3/24 and gw is 10.3.65.254. I
have gone through all the FAQs and other literature I can find regarding
what I'm trying to do. I have enabled WCCP version 1 on the 2600. I
have done ip wccp web-cache redirect in on the 192 side and I have
swapped it round to redirect out on the 10 side, during my
troubleshooting. I know that the Squid and the router are communicating
as I get the packet exchange on port 2048 with no trouble. I have
configured the squid.conf as shown in the FAQs, I have also added the
needed prerouting line in firewall.up for IPTables to redirect port 80
traffic to 3128. I have compiled the WCCP module, modprobed it and it
is listed in lsmod. I also did all the GRE tunnelling stuff. When I
try from my client to reach a web page, if I watch the nat on IPTables,
I can see the packets hitting the rule to forward to 3128, but nothing
happens at the client. If I use lynx on the squid, and set it's proxy
to localhost, I can get web pages fine, so I know squid is working
correctly. Having run tcpdump, I can see WCCP packets coming across
from the router, but it seems that either the encapsulation is not being
stripped off when the packet hits, or squid doesn't know what to do with
it when it is passed. There is no entry in the squid access.log to tell
me anything. The syslog is spurious. At first, it identified the
source as 10.3.65.4 and destination of .3 but also complained about
protocol 47. After I enabled protocol 47 and port 1723 in iptables, it
then identified the source as 192.168.250.1 but still I got no joy with
http content being passed back. I am at a loss now as to what I may be
doing wrong. Whether the GRE tunnel isn't right, whether IPtables is
the issue, or the WCCP module. I am hoping that someone may be able to
shed some light.

I would of course be very grateful for any help that you could offer and
if I can answer any questions, or if I have not given enough
information, please let me know.

Best regards,

Andrew Yoward
YHGfL Foundation
www.yhgfl.net
Received on Thu Jul 13 2006 - 10:18:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT