Are you unencapsulating the WCCP GRE packets when they hit the Squid
box? Squid doesn't do anything with WCCP GRE packets, you have to have
something in your network layer to decapsulate them. On Linux this is
done with the ip_wccp module, or with a patched ip_gre module. I'm
unfamiliar with doing WCCP on FreeBSD, but the FAQ (always a good place
to start) has some interesting information on the subject that is
probably worth reading:
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.11
francisv@dagupan.com wrote:
> Hi all,
>
> I'm having problems implementing WCCP v1 on FreeBSD 4.3-STABLE1 using
> squid-2.4STABLE1. I'm using `ipnat' to redirect traffic:
>
> # Redirect everything else to squid on port 80
> rdr xl0 0.0.0.0/0 port 80 -> ip.of.squid.box port 8080 tcp
> rdr ed0 0.0.0.0/0 port 80 -> ip.of.squid.box port 8080 tcp
>
> My `squid.conf' file has the following entries:
>
> http_port 3128
> http_port 8080
> icp_port 3130
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> wccp_router ip.of.cisco.router
>
> The cisco router sees the machine but inspecting the packets going to
> the squid machine yields nothing:
>
> root squid# tcpdump -i xl0 port 2408
>
> The problem is, it doesn't work! I can access the proxy server via port
> 80 (but a little slow), 8080, and 3128. But turning off the proxy
> setting on the client browser (to make way for WCCP) for the router to
> intercept the packet yields no response. What am I doing wrong? I have
> followed every instruction on the Squid website's FAQ to enable WCCP.
>
> Also, redirecting from port 80 to port 8080 seems slower than directly
> accessing 8080. Why is this so? Which is faster, ipnat or ipfw?
>
-- -- Joe Cooper <joe@swelltech.com> Affordable Web Caching Proxy Appliances http://www.swelltech.comReceived on Fri Jun 15 2001 - 23:06:00 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:46 MST