Squid Web Cache wiki

Squid Web Cache documentation

🔗 Configuring a Cisco 3640 with WCCPv2 Interception

🔗 Outline

This was done on a Cisco 3640 running c3640-is-mz.122-23f.bin; its acting as a NAT gateway and home router.

This configuration passes web traffic (port 80 only) over WCCPv2 to another box for handling. It is expected the that the box will contain squid or other proxy for processing the traffic.

🔗 Cisco 3640 router

ip wccp web-cache
interface Ethernet1/0
 description Public interface
 ip address X.X.X.X
 no ip redirects
 no ip unreachables
 ip nat outside
interface FastEthernet2/0
 no ip address
 duplex auto
 speed auto
interface FastEthernet2/0.1
 encapsulation dot1Q 1 native
 ip address
 no ip redirects
 no ip unreachables
 ip wccp web-cache redirect in
 ip nat inside

🔗 Squid configuration for WCCP version 2

All the squid.conf options beginning with wccp2_* apply to WCCPv2 only

🔗 Squid configuration

🔗 Squid box OS configuration

modprobe ip_gre
ip tunnel add wccp0 mode gre remote $ASA-EXT-IP local $SQUID-IP dev eth0

ifconfig wccp0 $SQUID-IP netmask up

disable rp_filter, or the packets will be silently discarded

echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter

enable ip-forwarding and redirect packets to squid

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A POSTROUTING -j MASQUERADE

🔗 Troubleshooting

⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.

Categories: ConfigExample

Navigation: Site Search, Site Pages, Categories, 🔼 go up