In order to clean things up, I did a fresh install of RedHat 6.2 from CD on
another machine. Here's the steps I've taken so far:
Install RedHat 6.2 - default kernel and Squid 2.3STABLE1-5 included on the
RedHat CD.
Setup as a static IP address 208.212.85.68 on the network
208.212.85.64/255.255.255.192. Router is 208.212.85.65. Connected via
10base-T hub.
Compiled ip_wccp.c into ip_wccp.o with the following command line:
gcc -D__KERNEL__ -O2 -I/usr/src/linux/include -DMODULE - DMODVERSIONS
-include /usr/src/linux/include/linux/modversions.h -c ip_wccp.c
copied ip_wccp.o into /lib/modules/2.2.14-5.0/ipv4
modified /lib/modules/2.2.14-5.0/modules.dep to include the following line:
/lib/modules/2.2.14-5.0/ipv4/ip_wccp.o:
ran the following commands:
modprobe ip_wccp
(no output)
depmod -a -e
it returned "depmod: not an ELF file"
lsmod
it returned:
Module Size Used by
ip_wccp 764 0 (unused)
(other modules - lockd, sunrpc, 3c59x were loaded before)
modified /etc/sysctl.conf:
net.ipv4.ip_forward = 1
also did
echo 1 > /proc/sys/net/ipv4/ip_forward
then did
cat /proc/sys/net/ipv4/ip_forward
it returned "1"
Then I used the following script to configure the packet forwarding (I'm
not denying anything at the moment until I get this working. Then I'll add
security.)
#!/bin/sh
/sbin/ipchains --policy input ACCEPT
/sbin/ipchains --flush input
/sbin/ipchains --append input --jump ACCEPT --source
208.212.85.68/255.255.255.255 --destination 208.212.85.68/255.255.255.255
/sbin/ipchains --append input --jump ACCEPT --proto TCP --source
0.0.0.0/0.0.0.0 --destination 208.212.85.68/255.255.255.255 www
/sbin/ipchains --append input --jump REDIRECT 3128 --proto TCP --source
208.212.85.64/255.255.255.192 --destination 0.0.0.0/0.0.0.0 www
/sbin/ipchains --policy input ACCEPT
/sbin/ipchains --list
It returns:
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 208.212.85.68 208.212.85.68 n/a
ACCEPT tcp ------ anywhere 208.212.85.68 any -> www
REDIRECT tcp ------ 208.212.85.64/26 anywhere any
-> www => 3128
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
My squid.conf: (everything else is commented out)
http_port 3128
cache_dir ufs /var/spool/squid 2000 16 256
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
ftp_user info@uclid.com
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl allowed_hosts src 208.212.85.64/255.255.255.192
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access allow localhost
http_access deny all
icp_access allow all
miss_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 208.212.85.65
I have a Cisco 2160 router (IOS 12.1(3)T)with the following wccp
commands: (I'm letting anything connect as a cache right now until I get
this working. Then I'll add security).
ip wccp version 1
ip wccp web-cache redirect-list any group-list any
interface Serial0/0
ip wccp web-cache redirect out
Then I fire up squid.
"show ip wccp" on the router shows the following:
Global WCCP information:
Router information:
Router Identifier: 208.212.85.65
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 515
Redirect access-list: any
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: any
Total Messages Denied to Group: 0
Total Authentication failures: 0
The total packets redirected goes up as people in the network browse the
web - but no accesses ever get to squid. Web browsing on the network is
broken as long as I have squid running and the router attempting to
redirect packets to it.
WHAT AM I MISSING????
Note: Under this configuration, no requests make it to squid - not even a
few, like they did with my other linux box.
Cache works normally when accessed with proxy setting in the browser.
Nathan Lewis
Senior Network Administrator
nathan_lewis@uclid.com
----------------------------------------------------------------------
CONFIDENTIALITY NOTICE -- This email is ONLY for the person(s) named in
the message header. Unless otherwise indicated, it contains information
that is confidential, privileged or exempt from disclosure under applicable
law.
If you have received it in error, please notify the sender of the error and
delete the message. Thank you.
--------------------------------------------------------------------------
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Mon Dec 11 2000 - 15:37:02 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:55 MST