[squid-users] Assistance with WCCPv2 Setup with Cisco Router

Tue, 21 Mar 2017 19:28:50 -0700 

Sorry, I didn't see your original reply.


I will look into these issues and troubleshoot further, thank you.


Cooper


________________________________
From: squid-users <squid-users-boun...@lists.squid-cache.org> on behalf of 
squid-users-requ...@lists.squid-cache.org 
<squid-users-requ...@lists.squid-cache.org>
Sent: Tuesday, March 21, 2017 3:14 PM
To: squid-users@lists.squid-cache.org
Subject: squid-users Digest, Vol 31, Issue 67

Send squid-users mailing list submissions to
        squid-users@lists.squid-cache.org

To subscribe or unsubscribe via the World Wide Web, visit
        
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0
or, via email, send a message with subject or body 'help' to
        squid-users-requ...@lists.squid-cache.org

You can reach the person managing the list at
        squid-users-ow...@lists.squid-cache.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

   1. Re: Assistance with WCCPv2 Setup with Cisco Router (Yuri Voinov)


----------------------------------------------------------------------

Message: 1
Date: Wed, 22 Mar 2017 01:14:19 +0600
From: Yuri Voinov <yvoi...@gmail.com>
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Assistance with WCCPv2 Setup with Cisco
        Router
Message-ID: <d33498f4-3dfc-4fe2-2a35-3a64f4a08...@gmail.com>
Content-Type: text/plain; charset="utf-8"

Ah, forgot about this:

https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.squid-cache.org%2FConfigExamples%2FIntercept&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=EPs3eDmARBmwyp8VES4Ret7aO8ZlIQ7H1LRZKC7lUQQ%3D&reserved=0


22.03.2017 1:04, Waldon, Cooper пишет:
>
> Hello All,
>
>
>
> I’m trying to set up a transparent proxy for http and https using
> Cisco Routers and Squid.  I have followed the configuration examples
> that are listed under the wccp2 overview section
> (https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.squid-cache.org%2FFeatures%2FWccp2&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=kEcy58RMI6q8cV0SzQacGAjm6q5NsSGO%2By8PRmvUf5w%3D&reserved=0)
>  of the squid wiki but I’m
> still having some issues.
>
>
>
> I have a little lab set up with a Cisco 7200 Router and a VM with
> CentOS running the proxy.
>
>
>
> The “WAN” IP of the Router is 192.168.0.23.  The IP of the Squid Proxy
> is 192.168.0.24 and both have the default gateway of 192.168.0.1 which
> is the “ISP”
>
>
>
> The Client is sitting on a LAN behind the Router in the 10.10.10.0/24
> subnet and is also sitting behind nat.
>
>
>
> I believe that the router and proxy are communicating properly based
> on the information in the show ip wccp command on the router as it
> shows clients and routers as well as showing that packets are being
> forwarded:
>
>
>
> R3#show ip wccp
>
> Global WCCP information:
>
>     Router information:
>
>         Router Identifier:                   192.168.0.23
>
>         Configured source-interface:         GigabitEthernet5/0
>
>
>
>     Service Identifier: web-cache
>
>         Protocol Version:                    2.00
>
>         Number of Service Group Clients:     1
>
>         Number of Service Group Routers:     1
>
>         Total Packets Redirected:            1079
>
>           Process:                           0
>
>           CEF:                               1079
>
>         Service mode:                        Open
>
>         Service Access-list:                 -none-
>
>         Total Packets Dropped Closed:        0
>
>         Redirect access-list:                100
>
>         Total Packets Denied Redirect:       0
>
>         Total Packets Unassigned:            0
>
>         Group access-list:                   10
>
>         Total Messages Denied to Group:      0
>
>         Total Authentication failures:       0
>
>         Total GRE Bypassed Packets Received: 0
>
>           Process:                           0
>
>           CEF:                               0
>
>        GRE tunnel interface:                Tunnel1
>
>
>
>     Service Identifier: 70
>
>         Protocol Version:                    2.00
>
>         Number of Service Group Clients:     1
>
>         Number of Service Group Routers:     1
>
>         Total Packets Redirected:            500
>
>           Process:                           0
>
>           CEF:                               500
>
>         Service mode:                        Open
>
>         Service Access-list:                 -none-
>
>         Total Packets Dropped Closed:        0
>
>         Redirect access-list:                100
>
>         Total Packets Denied Redirect:       0
>
>         Total Packets Unassigned:            0
>
>         Group access-list:                   10
>
>         Total Messages Denied to Group:      0
>
>         Total Authentication failures:       0
>
>         Total GRE Bypassed Packets Received: 0
>
>           Process:                           0
>
>           CEF:                               0
>
>         GRE tunnel interface:                Tunnel0
>
>
>
> Here is the relevant squid wccp configuration:
>
>
>
> ----Output removed----
>
> # Squid normally listens to port 3128
>
> http_port 3128
>
> http_port 0.0.0.0:3129
>
>
>
> # WCCPv2 Parameters
>
> wccp2_router 192.168.0.23
>
> wccp2_forwarding_method 1
>
> wccp2_return_method 1
>
> wccp2_assignment_method hash
>
> wccp2_service standard 0
>
> wccp2_service dynamic 70
>
> wccp2_service_info 70 protocol=tcp
> flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=231 ports=443
>
>
>
> ---Output remove----
>
>
>
> I think that the issue lies with the iptables configuration as I do
> not see any packets been processed in the nat table.  I have tried a
> few different methods such as:
>
>
>
> iptables -t nat -A PREROUTING -i wccp0 -p tcp –dport 80 -j REDIRECT
> –to-port 3129
>
> iptables -t nat -A PREROUTING -i wccp0 -p tcp –dport 443 -j REDIRECT
> –to-port 3129
>
> iptables -t nat -A POSTROUTING -j MASQUERADE
>
>
>
> or
>
>
>
> iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination
> 192.168.0.24:3129
>
> iptables -t nat -A PREROUTING -p tcp –dport 443 -j DNAT
> –to-destination 192.168.0.24:3129
>
> iptables -t nat -A POSTROUTING -j MASQUERADE
>
>
>
> I have also tried adding ACCEPT commands to the PREROUTING zone just
> in case the proxy is dropping the packets right away but that also
> doesn’t work.
>
>
>
> The proxy functions perfectly when the client is configured to use a
> proxy so there doesn’t appear to be any issues with routing or
> anything like that, it’s just the transparent proxying that isn’t working.
>
>
>
> If anyone has any suggestions of what I could try that would be
> greatly appreciated.  Let me know if anything is unclear or if you
> need further clarification.
>
>
>
> Thank you,
>
> Cooper Waldon
>
>
>
>
>
> *Cooper Waldon** **l **Network
> Engineer** **l****OTN****l****416-446-4110 x 4473 **l** **www.otn.ca*
> <http://www.otn.ca/>***|****Service Desk 1-855-654-0888 x2*
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0

--
Bugs to the Future
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.html&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=%2BdRlah9JgnWfvUSTiulB%2BaTWQXY%2BNmyP%2BsAa4A%2FXL%2BU%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: 
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.key&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=CnmuhfgaBl5NFNuEp0C9VqbOuFAhlX32zIehczGNRl8%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: 
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20170322%2F19763217%2Fattachment.sig&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=z1x4mb0FAeJqa0WPXZdnHuKgXc8BLAVL6INMTfquOaY%3D&reserved=0>

------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=01%7C01%7Ccwaldon%40otn.ca%7C719ecf3df906402c5bef08d4708e801f%7Cb211ab61e77f4bffabd5f70e4344653f%7C1&sdata=S%2BTxOG9DaQkq8MDxF5obmrM4R%2BtekaFg8S4fXUlynec%3D&reserved=0


------------------------------

End of squid-users Digest, Vol 31, Issue 67
*******************************************

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to