Hello,
Am having trouble getting WCCP2 to work with a Cisco 1800 series router.
The problem I have noticed is traffic sent to the squid box with a
private IP. The output of netstat:
netstat -ntlpua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address���������� Foreign Address
State������ PID/Program name
tcp������� 0����� 0 SQUID_PUBLIC_IP:3128����� 0.0.0.0:*
LISTEN����� 17232/(squid)
tcp������� 0����� 0 SQUID_PUBLIC_IP:3128����� 10.10.10.2:59504
SYN_RECV��� -
tcp������� 0����� 0 SQUID_PUBLIC_IP:3128����� 10.10.10.2:59505
SYN_RECV��� -
tcp������� 0����� 0 SQUID_PUBLIC_IP:3128����� 10.10.10.2:51024
SYN_RECV��� -
udp������ 0 ���� 0 SQUID_PUBLIC_IP:2048����� ROUTER_PUBLIC_IP:2048
ESTABLISHED 17232/(squid)
Below are my configurations
Router:
!
ip wccp web-cache redirect-list 120 group-list 2
!
interface FastEthernet0/0
description LAN Gateway
ip address 10.10.10.1 255.255.255.0
ip wccp web-cache redirect in
...
!
interface FastEthernet0/1
description Internet Uplink
ip address <ROUTER_PUBLIC_IP>
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit <SQUID_PUBLIC_IP>
access-list 120 deny�� ip host <SQUID_PUBLIC_IP> any
access-list 120 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 120 deny�� ip any any
!
Squid Box:
----------------------------- /etc/squid/squid.conf --------
http_port 41.221.49.249:3128 intercept
wccp2_router <ROUTER_PUBLIC_IP>
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
wccp_version 2
...
----------------------------End squid.conf ------------------
---------------------------Network settings ----------------
/sbin/ip link set wccp0 mtu 1476
/sbin/ip tunnel add wccp0 mode gre remote <ROUTER_IP_PUBLIC_IP> local
<SQUID_PUBLIC_IP> eth0
/sbin/ip addr add <SQUID_PUBLIC_IP> dev wccp0
/sbin/ip link set wccp0 up
/sbin/sysctl -w net.ipv4.conf.wccp0.rp_filter=0
/sbin/sysctl -w net.ipv4.conf.eth0.rp_filter=0
----------------------------End network -----------------------------
How can I get the router to send traffic using the public IP instead
of the private IP?
Any help will be greatly appreciated as this has had me plastered for
a while now.
Daniel
Received on Sat May 21 2011 - 21:57:08 MDT
This archive was generated by hypermail 2.2.0 : Mon May 23 2011 - 12:00:02 MDT