Re: [squid-users] WCCP Howto RHEL3.1 w/ 2.4.x kernel

From: Chad Harrelson <[email protected]>
Date: Tue, 14 Nov 2006 09:39:12 -0500

Henrik,
  I don't see a gre tunnel being created in your script. Is this
because a gre tunnel is not necessary? (ex. iptunnel add gre1 mode gre
remote 150.125.125.98 local 150.125.125.114 dev eth0)

Thanks,

-- Chad

On 11/14/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> On Tue, 2006-11-14 at 14:53 +0800, Adrian Chadd wrote:
> > On Mon, Nov 13, 2006, Chad Harrelson wrote:
> > > Thanks Adrian, however, I have a requirement to make this work on
> > > my current version of squid (2.5) so WCCP v.1 will have to do.
> >
> > Ah. Grr, Redhat needs to test and upgrade their Squid packages already.
>
> There are unofficial current "bleeding edge" RHEL Squid packages
> available from RedHat, or more precisely from the Squid package
> maintainer at RedHat. The URL can be found in the squid-users archives.
>
> > I've done it for each interface just in case.
>
> I know for certain from both theory and practice that it's sufficient to
> disable rp_filter on the created gre tunnel interface.
>
> Here is an example script setting up all networking level parameters
> needed for WCCP/WCCP2 using ip_gre:
>
> #!/bin/sh
> # Set this to the public/primary IP of the WCCP router
> ROUTER=10.0.0.1
> iptables-restore <<EOF
> *nat
> :INTERCEPT -
> :PREROUTING ACCEPT
> :POSTROUTING ACCEPT
> :OUTPUT ACCEPT
> -A PREROUTING -j INTERCEPT
> COMMIT
> EOF
>
> ip link set wccp down 2>/dev/null
> ip tunnel del wccp 2>/dev/null
>
> ipaddr=`/sbin/ip addr show dev eth0 | awk '/inet / {print $2}'`
> ip=`echo $ipaddr | cut -d/ -f1`
> ip tunnel add wccp dev eth0 mode gre remote $ROUTER
> ip addr add $ip/32 dev wccp
> echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
> echo 1 >/proc/sys/net/ipv4/ip_forward
> ip link set wccp up
>
> iptables -t nat -F INTERCEPT
> iptables -t nat -A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
> #END
>
> This script assumes the WCCP router is on the eth0 interface. Modify as
> needed if your network layout is different.
>
> Regards
> Henrik
>
>
Received on Tue Nov 14 2006 - 07:39:24 MST
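
Added example, not part of the thread or of Squid: a read-only check that the state the quoted script sets up is actually in place (GRE tunnel to the router, rp_filter off on the wccp interface, forwarding on, REDIRECT bound to the tunnel). The interface name, port and router address come from the quoted script; the function names check_wccp and check_wccp_live are hypothetical and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the state the quoted script sets up.
# Inputs are passed as text so the checks can be exercised without a router.

# Constructed samples: `ip tunnel show wccp` and `iptables-save -t nat` output.
SAMPLE_TUNNEL='wccp: gre/ip  remote 10.0.0.1  local any  dev eth0  ttl inherit'
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INTERCEPT - [0:0]
-A PREROUTING -j INTERCEPT
-A INTERCEPT -i wccp -p tcp -j REDIRECT --to-ports 3128
COMMIT'

# check_wccp ROUTER TUNNEL RP_FILTER IP_FORWARD NAT
# Prints one FAIL line per problem; returns 0 only if there are none.
check_wccp() {
    router=$1 tunnel=$2 rpf=$3 fwd=$4 nat=$5 bad=0
    fail() { echo "FAIL: $1"; bad=1; }
    case $tunnel in *gre/ip*) ;; *) fail "wccp is not a gre tunnel" ;; esac
    remote=$(printf '%s\n' "$tunnel" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "remote") print $(i + 1) }')
    [ "$remote" = "$router" ] || fail "tunnel remote is '$remote', expected $router"
    # Decapsulated packets carry client source addresses that do not route
    # back via wccp, so reverse-path filtering on that interface drops them.
    [ "$rpf" = 0 ] || fail "rp_filter is $rpf on wccp"
    [ "$fwd" = 1 ] || fail "ip_forward is $fwd"
    printf '%s\n' "$nat" | grep -q -- '^-A PREROUTING -j INTERCEPT$' ||
        fail "PREROUTING does not jump to INTERCEPT"
    printf '%s\n' "$nat" |
        grep -q -- '^-A INTERCEPT -i wccp -p tcp .*-j REDIRECT --to-ports 3128$' ||
        fail "no REDIRECT to 3128 for tcp arriving on wccp"
    # A REDIRECT not tied to -i wccp would also catch traffic from other interfaces.
    if printf '%s\n' "$nat" | grep -- '^-A INTERCEPT .*-j REDIRECT' |
        grep -qv -- ' -i wccp '; then
        fail "INTERCEPT has a REDIRECT rule not bound to -i wccp"
    fi
    [ "$bad" = 0 ]
}

# Gather the live values (needs root for iptables-save) and run the checks.
check_wccp_live() {
    check_wccp "$1" "$(ip tunnel show wccp 2>/dev/null)" \
        "$(cat /proc/sys/net/ipv4/conf/wccp/rp_filter 2>/dev/null)" \
        "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)"
}
```

On the cache box, source the file and run `check_wccp_live 10.0.0.1` with the router address used in the script.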
