Configuring multiple interception ports using WCCPv2

By AdrianChadd

Outline

The Squid WCCPv2 implementation can intercept more than TCP port 80. The current implementation can create multiple arbitrary TCP and UDP ports.

There are a few caveats:

Example

Here is an example of redirecting port 80 and port 8080 traffic to a Squid proxy server.

Cisco configuration

This configures a dynamic service group - group 80 - which is handed a bunch of details by the neighbour caches. I chose 80 because it's "web and some other stuff", but it doesn't have to be 80 and it doesn't have to involve HTTP (TCP port 80). It could be 90, or 100, or 123.

ip wccp 80
interface FastEthernet0/1
 ip address
 ip wccp 80 redirect in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

Squid configuration

This configuration covers the interception part: this Squid sits behind a NATted interface that is WCCPv2 intercepted. The Squid server has two network interfaces: an external interface with a real IP address that Squid binds to with tcp_outgoing_address, and the internal WCCPv2-intercepted + NATted address.

wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80,8000,2080


http_port transparent vport=80
http_port transparent vport=8000
http_port transparent vport=2080

Linux interception configuration

eth0 is the external (public) IP address; eth1 is the internal IP address which is being WCCPv2 intercepted.

ip tunnel add gre0 mode gre remote local dev eth1
ifconfig gre0 inet netmask up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter

iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 2080 -j DNAT --to-destination
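The three port lists above (the ports= list advertised to the router, the vport= values on the http_port lines, and the --dport values DNATed from the GRE tunnel) have to agree, or redirected traffic is silently dropped or never reaches Squid. The following added example (not part of this page or of Squid) cross-checks them; the squid.conf fragment and iptables rules it parses are constructed samples, with listening ports 3128-3130 and a 10.0.0.2 target chosen for illustration, and one DNAT rule deliberately left out to show a detected gap.

```python
"""Cross-check the port lists of a WCCPv2 multi-port interception setup.

Added example, not from the Squid wiki page. Parses a squid.conf fragment
and an iptables-save style rule list and reports ports declared in one
place but not the other. All inputs below are constructed samples.
"""
import re
from typing import Dict, Set

# Constructed squid.conf fragment mirroring the page's values; the
# listening ports 3128-3130 are illustrative and not from the page.
SQUID_CONF = """
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80,8000,2080
http_port 3128 transparent vport=80
http_port 3129 transparent vport=8000
http_port 3130 transparent vport=2080
"""

# Constructed DNAT rules; the rule for 8000 is intentionally missing.
IPTABLES_RULES = """
-A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2:3128
-A PREROUTING -i gre0 -p tcp -m tcp --dport 2080 -j DNAT --to-destination 10.0.0.2:3130
"""

def wccp_ports(conf: str) -> Set[int]:
    """Ports Squid advertises to the router in wccp2_service_info lines."""
    ports: Set[int] = set()
    for m in re.finditer(r"^wccp2_service_info\s+\d+\s.*?\bports=([\d,]+)", conf, re.M):
        ports.update(int(p) for p in m.group(1).split(","))
    return ports

def vports(conf: str) -> Set[int]:
    """Original destination ports Squid expects, from vport= on http_port lines."""
    return {int(m.group(1)) for m in re.finditer(r"^http_port\s.*?\bvport=(\d+)", conf, re.M)}

def dnat_ports(rules: str, iface: str = "gre0") -> Set[int]:
    """TCP --dport values DNATed from the GRE tunnel interface."""
    pat = re.compile(rf"^-A PREROUTING .*-i {re.escape(iface)} .*-p tcp .*--dport (\d+) -j DNAT", re.M)
    return {int(m.group(1)) for m in pat.finditer(rules)}

def check(conf: str, rules: str) -> Dict[str, Set[int]]:
    """Return mismatches between the three port lists; empty sets mean consistent."""
    w, v, d = wccp_ports(conf), vports(conf), dnat_ports(rules)
    return {
        "advertised_but_no_vport": w - v,  # router redirects it, no http_port claims it
        "advertised_but_no_dnat": w - d,   # router redirects it, kernel never hands it to Squid
        "dnat_but_not_advertised": d - w,  # stale rule, nothing arrives over GRE for it
    }

if __name__ == "__main__":
    for name, ports in check(SQUID_CONF, IPTABLES_RULES).items():
        print(f"{name}: {sorted(ports) or 'ok'}")
```

Run against the real files with `iptables-save -t nat` output and the live squid.conf to catch a port added on one side only.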

