Comments on: Transparent Squid with WCCP

By: Captnwalker1

Captnwalker1 — Thu, 05 Nov 2009 00:35:35 +0000

Im having the same problems Nuno did in the begining of the comments and cannot for the life of me figure out whats wrong, it seems to be something with the tunnel

root@ubuntu1:~# iptunnel
gre0: gre/ip remote any local any ttl inherit nopmtudisc
gre1: gre/ip remote 10.251.0.1 local 10.251.0.99 dev eth0 ttl inherit

root@ubuntu1:~# ifconfig gre0
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-05-08-E0-E3-00-00-00-00-00-00-00-00
inet addr:127.0.0.3 Mask:255.0.0.0
UP RUNNING NOARP MTU:1476 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1560 (1.5 KB) TX bytes:0 (0.0 B)

root@ubuntu1:~# ifconfig gre1
gre1 Link encap:UNSPEC HWaddr 0A-FB-00-63-05-08-E0-E3-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@ubuntu1:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp — anywhere anywhere tcp dpt:www to:127.0.0.1:3128

By: ricardoraul

ricardoraul — Tue, 27 Oct 2009 01:55:54 +0000

you dont need to configure the tunnel on cisco router, linux will initialize the GRE tunnel, i have this setup running on the compnay i work for. i you need any help please let me know.

By: Andy

Andy — Fri, 23 Oct 2009 16:28:09 +0000

It does not make the subject of this tutorial Ineb.

Andy

By: Ineb

Ineb — Fri, 23 Oct 2009 03:43:42 +0000

How about tunnel config on cisco router, is it not needed ? If needed, may i know the config sample.

thanks

By: Andy

Andy — Fri, 02 Oct 2009 12:45:00 +0000

Well there many theories on this subject. You may either use WPAD which means you should run two squid proxies or more OR a HA fail-over solution which may be either ultramonkey.org or linux-ha.org.
However you may simply combine the PAC with or w/o the WPAD since it’s the best practice out there.

Andy

By: Chris

Chris — Mon, 31 Aug 2009 04:08:02 +0000

If the squid server should be offline or the squid process dies, will the users’ port 80 requests automatically redirect to the “live” internet connection??

By: Andy

Andy — Wed, 22 Oct 2008 22:26:03 +0000

Hey Scott

You may want to check this cisco diagram:
http://www.cisco.com/en/US/i/100001-200000/110001-120000/115001-116000/115457.jpg

Regards
Andy

By: Scott

Scott — Thu, 25 Sep 2008 18:25:31 +0000

I’m curious on how the routing is handled with SQUID and WCCP2. I’ve installed a couple of WCCP2 servers using Bluecoat. But want to try using a much cheaper solution like SQUID. The previous hardware links looked like this:

UserWS———->Cisco———->Internet
|
|
WCCP Cache (Bluecoat)

However, all the configuration docs I’ve found for SQUID were the following:

UserWS——–>Cisco———->WCCPCache(Squid)——->Internet

Can anyone shed some light on the physical config? I’m going to be authenticating to my LDAP server (Win2003) but dont want to have open access to the unprotected network directly to my private side. In other words, I want to ensure the only device that can talk to the private side is the WCCPCache(Squid) itself.

Thanks for your help!

By: Nuno

Nuno — Mon, 15 Sep 2008 13:51:40 +0000

Another thing…the squid.conf options that you talk on this article:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

These dont’ appear on my squid.conf, i used the following line to set the transparency:

http_port 3128 transparent

By: Nuno

Nuno — Mon, 15 Sep 2008 13:48:28 +0000

Everythings seems ok, it’s so transparent that the requests don’t apear in the access.log file
Does the syslog output bellow indicates anything wrong?

Sep 15 14:42:29 webfilter squid[2413]: Starting Squid Cache version 2.7.STABLE3 for i686-pc-linux-gnu…
Sep 15 14:42:29 webfilter squid[2413]: Process ID 2413
Sep 15 14:42:29 webfilter squid[2413]: With 1024 file descriptors available
Sep 15 14:42:29 webfilter squid[2413]: Using epoll for the IO loop
Sep 15 14:42:29 webfilter squid[2413]: DNS Socket created at 0.0.0.0, port 32770, FD 6
Sep 15 14:42:29 webfilter squid[2413]: Adding domain min-saude.pt from /etc/resolv.conf
Sep 15 14:42:29 webfilter squid[2413]: Adding nameserver 194.xxx.xxx.xxx from /etc/resolv.conf
Sep 15 14:42:29 webfilter squid[2413]: logfileOpen: opening log /usr/local/squid/var/logs/access.log
Sep 15 14:42:29 webfilter squid[2411]: Squid Parent: child process 2413 started
Sep 15 14:42:29 webfilter squid[2413]: Unlinkd pipe opened on FD 11
Sep 15 14:42:29 webfilter squid[2413]: Swap maxSize 102400 KB, estimated 7876 objects
Sep 15 14:42:29 webfilter squid[2413]: Target number of buckets: 393
Sep 15 14:42:29 webfilter squid[2413]: Using 8192 Store buckets
Sep 15 14:42:29 webfilter squid[2413]: Max Mem size: 8192 KB
Sep 15 14:42:29 webfilter squid[2413]: Max Swap size: 102400 KB
Sep 15 14:42:29 webfilter squid[2413]: logfileOpen: opening log /usr/local/squid/var/logs/store.log
Sep 15 14:42:29 webfilter squid[2413]: Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
Sep 15 14:42:29 webfilter squid[2413]: Using Least Load store dir selection
Sep 15 14:42:29 webfilter squid[2413]: Set Current Directory to /usr/local/squid/var/cache
Sep 15 14:42:29 webfilter squid[2413]: Loaded Icons.
Sep 15 14:42:29 webfilter squid[2413]: Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 13.
Sep 15 14:42:29 webfilter squid[2413]: Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
Sep 15 14:42:29 webfilter squid[2413]: WCCP Disabled.
Sep 15 14:42:29 webfilter squid[2413]: Accepting WCCPv2 messages on port 2048, FD 15.
Sep 15 14:42:29 webfilter squid[2413]: Initialising all WCCPv2 lists
Sep 15 14:42:29 webfilter squid[2413]: Ready to serve requests.
Sep 15 14:42:29 webfilter squid[2413]: Done reading /usr/local/squid/var/cache swaplog (358 entries)
Sep 15 14:42:29 webfilter squid[2413]: Finished rebuilding storage from disk.
Sep 15 14:42:29 webfilter squid[2413]: 299 Entries scanned
Sep 15 14:42:29 webfilter squid[2413]: 0 Invalid entries.
Sep 15 14:42:29 webfilter squid[2413]: 0 With invalid flags.
Sep 15 14:42:29 webfilter squid[2413]: 299 Objects loaded.
Sep 15 14:42:29 webfilter squid[2413]: 0 Objects expired.
Sep 15 14:42:29 webfilter squid[2413]: 59 Objects cancelled.
Sep 15 14:42:29 webfilter squid[2413]: 0 Duplicate URLs purged.
Sep 15 14:42:29 webfilter squid[2413]: 0 Swapfile clashes avoided.
Sep 15 14:42:29 webfilter squid[2413]: Took 0.3 seconds (1037.8 objects/sec).
Sep 15 14:42:29 webfilter squid[2413]: Beginning Validation Procedure
Sep 15 14:42:29 webfilter squid[2413]: Completed Validation Procedure
Sep 15 14:42:29 webfilter squid[2413]: Validated 240 Entries
Sep 15 14:42:29 webfilter squid[2413]: store_swap_size = 2076k
Sep 15 14:42:30 webfilter squid[2413]: storeLateRelease: released 0 objects