WCCP proxy + Router configuration document
[Figure: network diagram showing the Internet, the WCCP router, the Squid proxy / WCCP cache server (192.168.249.35/28), and User-1 and User-2]
Network parameters:
Router interface IP for the WCCP server: 192.168.249.33, subnet mask: 255.255.255.248
Router interface IP for local users: 10.10.10.254, subnet mask: 255.255.255.0
WCCP service identifier number: 80
WCCP version in use: 2
WCCP requirements for Squid proxy
1. The Squid proxy server's gateway must be the WCCP router.
2. PEER_OUTER_IPADDR of the gre interface must be the address shown by the “sh ip wccp 80 view” command, as follows:
WCCP Routers Informed of:
192.168.255.254
3. SELinux must be disabled.
4. The default iptables policy must be disabled. It should look like the following:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A INPUT -p icmp -j ACCEPT
#-A INPUT -i lo -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. After disabling the iptables rules, "service iptables status" should show the following:
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Cisco router configuration:
ip wccp 80
Router interface command for WCCP traffic redirection
ip address 10.10.10.254 255.255.255.0
ip wccp 80 redirect in
Proxy server configuration
Ethernet interface 0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.249.47
HWADDR=00:18:8B:42:A6:34
IPADDR=192.168.249.35
NETMASK=255.255.255.240
NETWORK=192.168.249.32
GATEWAY=192.168.249.33
ONBOOT=yes
GRE-1 interface configuration
DEVICE=gre1
TYPE=GRE
BOOTPROTO=none
MY_INNER_IPADDR=127.0.1.1
PEER_OUTER_IPADDR=192.168.255.254
PEER_INNER_IPADDR=127.0.1.1
NETMASK=255.255.255.252
ONBOOT=yes
rc.local configuration for DNAT of all GRE traffic to proxy port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre1/rp_filter
iptables -t nat -A PREROUTING -i gre1 -d 0/0 -p tcp -j DNAT --to-destination 192.168.249.35:3128
For a dual-NIC proxy: iptables -t nat -A PREROUTING -i gre1 -p tcp --dport 80 -j DNAT --to <internal IP address>:3128
Squid configuration file for supporting WCCP ver2
###############################WCCP configuration####################
http_port 3128 transparent
wccp2_router 192.168.249.33
# forwarding 1=gre 2=l2
wccp2_forwarding_method 1
# GRE return method gre|l2
wccp2_return_method 1
# Assignment method hash|mask
wccp2_assignment_method 1
# dynamic service 80, no auth
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp priority=240 ports=80
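The following added example is not part of the original document. It cross-checks requirements 1 and 2 and the rc.local DNAT rule against the interface files and squid.conf shown above. The function names (wccp_preflight and its helpers) and the sample file names are assumptions, and the sample files are constructed from the values on this page.

```shell
#!/bin/sh
# Added example: cross-checks the WCCP settings from this page against each other.
# Function names and file names are hypothetical; the sample files are constructed.

ifcfg_value() { sed -n "s/^$1=//p" "$2" | head -n 1; }             # KEY=value line
squid_value() { awk -v d="$1" '$1 == d { print $2; exit }' "$2"; } # first argument
# Address on the line after "WCCP Routers Informed of:" in the router output
router_id()   { awk 'f { print $1; exit } /WCCP Routers Informed of:/ { f = 1 }' "$1"; }
dnat_target() { sed -n 's/.*--to-destination \([^ ]*\).*/\1/p' "$1" | head -n 1; }

# wccp_preflight ETH_CFG GRE_CFG SQUID_CONF WCCP_VIEW RC_LOCAL
# Prints one line per failed check and returns the number of failures.
wccp_preflight() {
    fails=0
    gw=$(ifcfg_value GATEWAY "$1"); ip=$(ifcfg_value IPADDR "$1")
    peer=$(ifcfg_value PEER_OUTER_IPADDR "$2")
    rtr=$(squid_value wccp2_router "$3"); port=$(squid_value http_port "$3")
    rid=$(router_id "$4"); dnat=$(dnat_target "$5")
    # Requirement 1: the proxy's gateway is the WCCP router Squid registers with
    [ "$gw" = "$rtr" ] || { echo "FAIL: gateway $gw != wccp2_router $rtr"; fails=$((fails + 1)); }
    # Requirement 2: the GRE peer is the address the router reports for itself
    [ "$peer" = "$rid" ] || { echo "FAIL: PEER_OUTER_IPADDR $peer != router ID $rid"; fails=$((fails + 1)); }
    # rc.local: redirected traffic must land on the address and port Squid listens on
    [ "$dnat" = "$ip:$port" ] || { echo "FAIL: DNAT target $dnat != $ip:$port"; fails=$((fails + 1)); }
    return "$fails"
}

# write_samples DIR: constructed sample files holding the values shown on this page.
write_samples() {
    printf 'IPADDR=192.168.249.35\nGATEWAY=192.168.249.33\n' > "$1/ifcfg-eth0"
    printf 'DEVICE=gre1\nPEER_OUTER_IPADDR=192.168.255.254\n' > "$1/ifcfg-gre1"
    printf 'http_port 3128 transparent\nwccp2_router 192.168.249.33\n' > "$1/squid.conf"
    printf 'WCCP Routers Informed of:\n  192.168.255.254\n' > "$1/wccp-view.txt"
    printf 'iptables -t nat -A PREROUTING -i gre1 -d 0/0 -p tcp -j DNAT --to-destination 192.168.249.35:3128\n' > "$1/rc.local"
}

d=$(mktemp -d)
write_samples "$d"
wccp_preflight "$d/ifcfg-eth0" "$d/ifcfg-gre1" "$d/squid.conf" "$d/wccp-view.txt" "$d/rc.local" \
    && echo "preflight passed"
rm -rf "$d"
```

On a real proxy, pass the actual interface files, squid.conf, rc.local and a saved copy of the router's "sh ip wccp 80 view" output as the five arguments.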
Squid proxy monitoring tool SQSTAT configuration:
Requirements:
1. Apache/httpd installed
2. Perl installed
3. PHP installed
To configure the Apache/httpd web server on the 10.10.10.10 server:
1. First, change the FQDN of the server. To do this, open the
/etc/hosts file and replace the default line with the following:
127.0.0.1 webserver.bg.com.bd webserver
2. Set the host name with the hostname command:
hostname webserver.bg.com.bd
3. Add the domain name to /etc/resolv.conf:
search bg.com.bd
4. Restart the apache/httpd service.
To configure sqstat:
1. Download the sqstat tar file.
2. Untar the folder into your web server's DocumentRoot (for httpd/apache, /var/www/html/).
3. Then rename the default config file to config.inc.php.
4. Edit config.inc.php as follows:
/* proxy settings */
/* Squid proxy server ip address or host name */
$squidhost[0]="192.168.249.35";
/* Squid proxy server port */
$squidport[0]=3128;
/* cachemgr_passwd in squid.conf. Leave blank to disable authorisation */
$cachemgr_passwd[0]="xxxx";
/* Resolve user IP addresses or print them as numbers only [true|false] */
$resolveip[0]=false;
/* Uncomment the next line if you want to use a hosts-like file.
See hosts.txt.dist. */
// $hosts_file[0]="hosts.txt";
/* Group users by hostname - "host" or by user - "username". Username works only
with squid 2.6+ */
$group_by[0]="host";
5. Restart the web service and open the following address on the web server in your browser:
http://10.10.10.10/sqstat
You will now get the live data.