Hey, I need help!!
I have set up a Cisco 2691 router to apply WCCP, but it didn't work out…
I spent 5 hours on Google and read many documents!!
Everything seems OK, but the client can't open pages.
My scenario: 3 clouds (one for the client, one for Ubuntu Squid and one for WAN)
Ubuntu squid:
acl bad url_regex google
http_access deny bad
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1 192.168.0.0/24
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/spool/squid3 300 16 256
access_log /var/log/squid3/access.log squid
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \? 1 20% 2
refresh_pattern \.gif$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.jpg$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.bom\.gov\.au 30 20% 120 reload-into-ims override-expire
refresh_pattern \.html$ 480 50% 22160 reload-into-ims override-expire
refresh_pattern \.htm$ 480 50% 22160 reload-into-ims override-expire
refresh_pattern \.class$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.zip$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.jpeg$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.png$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.mid$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.mid$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.shtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.exe$ 10080 90% 93200 reload-into-ims override-expire override-lastmod
refresh_pattern \.thm$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.wav$ 10080 90% 93200 reload-into-ims override-expire override-lastmod
refresh_pattern \.txt$ 10080 90% 93200 reload-into-ims override-expire override-lastmod
refresh_pattern \.cab$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.au$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.mov$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.xbm$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.ram$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.rm$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.js$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.avi$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.chtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.thb$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.dcr$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.bmp$ 10080 90% 93200 reload-into-ims override-expire override-lastmod
refresh_pattern \.phtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.mpg$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.pdf$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.art$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.swf$ 10080 90% 93200 reload-into-ims override-expire
refresh_pattern \.mp3$ 10080 90% 93200 reload-into-ims override-expire override-lastmod
refresh_pattern \.ra$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.spl$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.viv$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.doc$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.gz$ 10080 90% 93200 reload-into-ims override-expire override-lastmod
refresh_pattern \.Z$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.tgz$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.tar$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.vrm$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.vrml$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.aif$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.aifc$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.aiff$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.arj$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.c$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.cpt$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.dir$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.dxr$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.hqx$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.jpe$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.lha$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.lzh$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.midi$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.movie$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.mp2$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.mpe$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.rm$ 10800 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.mpeg$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.mpga$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.pl$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.ppt$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.ps$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.qt$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.qtm$ 10080 90% 43200 reload-into-ims override-expire
refresh_pattern \.ras$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.sea$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.sit$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.tif$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.tiff$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.snd$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern \.wrl$ 10080 90% 43200 reload-into-ims override-expire override-lastmod
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
refresh_pattern . 0 20% 9320 reload-into-ims
wccp2_router 197.197.197.1
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
////////////////////////
Config GRE:
sudo modprobe ip_gre
sudo iptunnel add tun1 mode gre remote 197.197.197.1 local 197.197.197.2 dev eth0
sudo ifconfig tun1 127.0.1.1 netmask 255.255.255.255 up
sudo iptables -t nat -A PREROUTING -i tun1 -p tcp --dport 80 -j DNAT --to-destination 197.197.197.2:3128
Cisco Router:
——————–
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WCCP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip wccp web-cache
ip cef
!
!
!
archive
log config
hidekeys
!
interface FastEthernet0/0
description to WAN
ip address 192.168.5.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description To clients
ip address 192.168.0.1 255.255.255.252
ip wccp web-cache redirect in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
description to SQUID
ip address 197.197.197.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip route-cache same-interface
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.5.10
!
!
ip http server
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0/0 overload
!
ip access-list extended NAT
permit ip any any
access-list 100 permit tcp 192.168.0.0 0.0.0.255 any
!
I did some verification, e.g.:
When I opened web pages, at the same time on the Ubuntu Squid server I ran:
root@kado:/home/kad# tcpdump -ni tun1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
02:10:48.346514 IP 192.168.0.2.1818 > 74.125.230.145.80: Flags [S], seq 1814065931, win 64240, options [mss 1420,nop,nop,sackOK], length 0
02:10:51.272839 IP 192.168.0.2.1818 > 74.125.230.145.80: Flags [S], seq 1814065931, win 64240, options [mss 1420,nop,nop,sackOK], length 0
02:10:57.281538 IP 192.168.0.2.1818 > 74.125.230.145.80: Flags [S], seq 1814065931, win 64240, options [mss 1420,nop,nop,sackOK], length 0
So the client is accessing the web page and the Squid server can see that.
I also verified whether the GRE tunnel between Squid and the Cisco router is working fine:
root@kado:/home/kad# tcpdump -ni eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
02:11:51.276581 IP 197.197.197.1 > 197.197.197.2: GREv0, length 56: gre-proto-0x883e
02:11:53.482874 IP 197.197.197.2.2048 > 197.197.197.1.2048: UDP, length 144
02:11:53.487546 IP 197.197.197.1.2048 > 197.197.197.2.2048: UDP, length 140
02:11:54.281509 IP 197.197.197.1 > 197.197.197.2: GREv0, length 56: gre-proto-0x883e
02:11:54.504446
02:11:58.492840 ARP, Request who-has 197.197.197.1 tell 197.197.197.2, length 28
02:11:58.496038 ARP, Reply 197.197.197.1 is-at c0:00:1f:03:00:10, length 46
02:12:00.292086 IP 197.197.197.1 > 197.197.197.2: GREv0, length 56: gre-proto-0x883e
02:12:03.491703 IP 197.197.197.2.2048 > 197.197.197.1.2048: UDP, length 144
02:12:03.495544 IP 197.197.197.1.2048 > 197.197.197.2.2048: UDP, length 140
02:12:04.508053
02:12:04.958692 CDPv2, ttl: 180s, Device-ID 'WCCP', length 345
When I do:
root@kado:/home/kad# sudo tail -f /var/log/squid/*
Nothing appears, as if nothing is redirected to the Squid server!!
What did I do wrong? Is my configuration wrong?
Thanks in advance
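
Reading the tun1 capture above, as an added example (not part of the original post): the same SYN from 192.168.0.2:1818 appears three times with an identical sequence number, which is how TCP retransmits a SYN that never received a SYN-ACK. The function name and regex are this example's own, and it only understands `tcpdump -n` TCP lines in the format shown in the post.

```python
import re
from collections import defaultdict

# The three tun1 capture lines from the post, copied verbatim.
TUN1_CAPTURE = """\
02:10:48.346514 IP 192.168.0.2.1818 > 74.125.230.145.80: Flags [S], seq 1814065931, win 64240, options [mss 1420,nop,nop,sackOK], length 0
02:10:51.272839 IP 192.168.0.2.1818 > 74.125.230.145.80: Flags [S], seq 1814065931, win 64240, options [mss 1420,nop,nop,sackOK], length 0
02:10:57.281538 IP 192.168.0.2.1818 > 74.125.230.145.80: Flags [S], seq 1814065931, win 64240, options [mss 1420,nop,nop,sackOK], length 0
"""

# One tcpdump -n TCP line: time, src.port > dst.port, flags, seq.
TCP_LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): "
    r"Flags \[([^\]]+)\], seq (\d+)"
)


def unanswered_syns(capture):
    """Map each retransmitted, unanswered SYN to the gaps (seconds) between copies.

    Key: (src, sport, dst, dport, seq). A flow is dropped from the result if a
    SYN-ACK in the reverse direction appears anywhere in the same capture.
    """
    syn_times = defaultdict(list)
    answered = set()
    for line in capture.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue  # GRE, UDP, ARP, CDP and truncated lines are ignored
        hh, mm, ss, src, sport, dst, dport, flags, seq = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if flags == "S":
            syn_times[(src, sport, dst, dport, seq)].append(t)
        elif flags == "S.":
            # A SYN-ACK travels server -> client, so swap the endpoints.
            answered.add((dst, dport, src, sport))
    result = {}
    for flow, times in syn_times.items():
        if len(times) > 1 and flow[:4] not in answered:
            result[flow] = [round(b - a, 1) for a, b in zip(times, times[1:])]
    return result


if __name__ == "__main__":
    for flow, gaps in unanswered_syns(TUN1_CAPTURE).items():
        src, sport, dst, dport, seq = flow
        print(f"{src}:{sport} -> {dst}:{dport} seq {seq}: "
              f"{len(gaps) + 1} SYNs, no SYN-ACK, gaps {gaps} s")
```

A reply from the proxy may leave through a different interface than tun1, so the retransmission itself, not the missing SYN-ACK in this one capture, is the reliable signal that the handshake is not completing. A handshake that never completes produces no access.log entry, and the posted squid.conf logs to /var/log/squid3/access.log while the tail command watches /var/log/squid/*.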
