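# Build and install Squid from the unpacked source tree (the configure step
# is not shown on this page).
make all
make install
# Dedicated account, presumably the unprivileged user Squid runs as.
useradd squid
# Create the cache directories before the first start.
/usr/local/squid/sbin/squid -z
cd /usr/local/squid
mkdir ssl_cert
cd ssl_cert
# Self-signed CA used to sign the certificates the proxy generates when it
# bumps TLS connections. The command must stay on one line: the page had
# wrapped it after -out, which left -out without its argument.
# rsa:2048 replaces the page's rsa:1024; 1024-bit RSA is no longer considered
# adequate for a CA key and current TLS libraries reject it by default.
# -nodes writes the private key unencrypted, and key and certificate share
# proxyCA.pem, so keep that file readable only by the account that needs it.
# Clients should be given the certificate part only, never this file.
# -days 36500 makes the CA valid for about 100 years; a shorter lifetime with
# planned rotation limits how long a leaked key stays useful.
openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 -keyout proxyCA.pem -out proxyCA.pem
mkdir /usr/local/squid/var/lib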
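# NOTE(review): the REDIRECT rules in the rc.local listing on this page send
# intercepted traffic to ports 3128 (HTTP) and 3127 (HTTPS), but only port
# 8128 is declared here, without intercept or ssl-bump options. The listeners
# for 3128/3127 were presumably lost from this excerpt - confirm against the
# full squid.conf.
http_port 8128
# Disabled: DONT_VERIFY_PEER makes Squid accept any upstream certificate
# without validation. Behind a bumping proxy the client only ever sees the
# certificate signed by the proxy CA, so upstream validation in Squid is the
# only check left; with the flag set, an invalid origin certificate is
# presented to users as trusted. It also leaves the sslproxy_cert_error rules
# below with nothing to act on. Validation needs a trust store: set
# sslproxy_cafile or sslproxy_capath if the OpenSSL build defaults do not
# point at one.
#sslproxy_flags DONT_VERIFY_PEER
# Tolerate certificate errors only for sites matched by the ssl_broken_sites
# ACL and reject them everywhere else. The ACL is not defined in this
# excerpt; it has to be declared before this line.
sslproxy_cert_error allow ssl_broken_sites
sslproxy_cert_error deny all
# Do not bump traffic matching the localhost ACL; bump everything else,
# contacting the origin server first.
ssl_bump none localhost
ssl_bump server-first all
wccp2_router 172.31.4.251
# NOTE(review): wccp_version belongs to the WCCPv1 directive family and
# likely has no effect on the wccp2_* settings used here - confirm.
wccp_version 4
# Method 1 is GRE for both forwarding and return, which matches the wccp0 GRE
# tunnel created in the rc.local listing.
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method hash
# Standard service 0 is the classic web-cache (port 80) group; dynamic
# service 70 below carries ports 443 and 80. The router listing on this page
# configures service 70 only.
wccp2_service standard 0
wccp2_service dynamic 70
# wccp2_service accepts a password= option; pairing it with the router's
# WCCP password keeps unauthenticated hosts out of the service group.
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443,80
always_direct allow all
# With bumping enabled the access log records requests from decrypted HTTPS
# sessions; restrict read access to the log directory accordingly.
access_log stdio:/usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
# Keep 60 rotated generations of each log file.
logfile_rotate 60
#debug_options ALL,2 ## for debug http traffic
debug_options ALL,1
# NOTE(review): no url_rewrite_program is visible in this excerpt, so this
# helper count may be unused - confirm.
url_rewrite_children 20
## squid.conf END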
------------------------------------------------------------------
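# Save following script to /etc/rc.local
# Stop any running Squid before rebuilding the tunnel. SIGKILL gives it no
# chance to shut down cleanly.
killall -9 squid
# GRE tunnel that receives the traffic the router redirects via WCCP.
/sbin/modprobe ip_gre
# NOTE(review): the GRE remote (172.31.8.251) differs from wccp2_router
# (172.31.4.251) in the squid.conf listing; presumably it is the address the
# router sources GRE packets from - confirm.
/sbin/iptunnel add wccp0 mode gre remote 172.31.8.251 local 172.31.4.2 dev eth0
/sbin/ifconfig wccp0 172.31.4.2 up
# Hand intercepted HTTP and HTTPS to the local Squid listeners. The page had
# rendered the double hyphens of --dport/--to-ports as a single dash and
# wrapped the port number onto its own line; both are repaired here.
# NOTE(review): 3128 and 3127 need matching intercept-mode listeners in
# squid.conf; the excerpt on this page declares only http_port 8128.
/sbin/iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
# Raise the file-descriptor limit for the Squid process started below.
ulimit -n 10240
/usr/local/squid/sbin/squid &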
------------------------------------------------------------------
# My router is Cisco 2811
en
conf t
# Enable WCCP service group 70 and limit redirection to traffic permitted by
# the access list named "wccp". That access list is not defined on this page.
# The same command accepts group-list and password options, which restrict
# the caches the router will accept for this service group.
ip wccp 70 redirect-list wccp
# NOTE(review): nothing follows the interface selection in this listing;
# redirection normally has to be enabled on an interface (for example
# "ip wccp 70 redirect in") - presumably lost from this excerpt, confirm.
int f0/0
# Router debug
# Both commands show the state of service group 70; "detail" adds more
# information about the service group.
sh ip wccp 70
show ip wccp 70 detail
------------------------------------------------------------------