Lately I've been trying to get a squid server to work with WCCP on our network so that client traffic transparently goes through the proxy. The problem is, having very little experience with squid, I've hit a brick wall and despite spending days searching the web and reading through tons of material, I can't seem to move past it. Maybe you guys can spot the problem. Here's what I have so far.
Network Diagram -
I'm pretty sure my Cisco router is configured properly. The Cisco router ACL is NOT blocking anything coming from or going to the squid server. The Linux firewall (iptables) is also NOT blocking anything. 'show ip wccp' on the router shows that squid registers with the router, and Wireshark on the squid server shows that the GRE tunnel is receiving packets. The iptables rule that is meant to redirect all traffic from the GRE tunnel to the squid port shows that it's getting hits (iptables -t nat -nvL PREROUTING). The thing is - squid logs don't show that it's receiving any kind of requests. The client machine (the only machine that WCCP should be sending HTTP traffic to squid from) basically can't load any web page once the squid daemon is started on the squid server - it just times out. Is there something wrong with the iptables rule? Could it be something else? I have a feeling it's just one simple thing I'm missing somewhere. Here are the different sections:
ip wccp web-cache redirect-list 120 group-list 10
ip address 192.168.13.1 255.255.255.0
ip wccp web-cache redirect in
ip access-list standard 10
ip access-list extended 120
deny ip host 10.10.10.2 any
permit tcp host 192.168.13.250 any eq www
deny ip any any
iptunnel add gre1 mode gre remote [external IP of router] local 10.10.10.2 dev eth0
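Which flows redirect-list 120 hands to WCCP, as an added example that is not part of the original post: it applies IOS first-match evaluation to the three ACL entries exactly as posted, where permit means "redirect" and deny means "forward normally". It parses only the syntax used in the post; the function names and the 203.0.113.10 destination used to exercise it are constructed for illustration.

```python
import ipaddress

# Redirect-list 120 exactly as posted above.
ACL_120 = """\
deny ip host 10.10.10.2 any
permit tcp host 192.168.13.250 any eq www
deny ip any any
"""
PORT_NAMES = {"www": 80}  # IOS port keyword used in the posted ACL

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as an ip_network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse the subset of extended-ACL syntax that the post uses."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        port = None  # None means the entry matches any destination port
        if tokens:
            if tokens[0] != "eq" or len(tokens) != 2:
                raise ValueError(f"unsupported entry: {line}")
            port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        rules.append((action, proto, src, dst, port))
    return rules

def redirected(rules, proto, src, dst, dport=None):
    """First matching entry decides; True means WCCP redirects the flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto) or s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action == "permit"
    return False  # implicit deny that ends every IOS ACL
```

Evaluated this way, only TCP port 80 from 192.168.13.250 is redirected, and anything sourced from 10.10.10.2 (the tunnel's local address on the squid box) is never sent back into the tunnel.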
Your grammar is terrible. English is my second language and I would never write like that - even online. Please take some lessons in grammar - unless of course you write badly on purpose, in which case, please stop.
Your question has very little to do with the topic of this thread.
This thread has been dead for almost 6 months (assuming that one guy talking to himself could be considered alive in the first place). You may want to start a new topic for your question.
If you have a squid question for me that has nothing to do with this topic, you might want to send me a private message instead of continuing to post here. Also, I'm not a squid expert, and you might be better off trying the squid mailing lists where the real experts are: