RE: [nsp] wccp to non-cisco box

From: hari_bhr (hari_bhr@yahoo.com)
Date: Tue Nov 28 2000 - 04:31:33 EST


Below I have documented a 'cookbook' for the things I did to get the system
up and running.

===========================================
1. Install RedHat 6.2 selecting the 'server' install setup.
2. After completion check that network card has been discovered, configured
and is working (ping something). Check dns is working.
3. Install squid rpm -> squid-2.3.STABLE1-5 (on the RH CD)
4. Obtain source of the ip_wccp.o patch from:
http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
OR
If you can find it compiled into an object file for EXACTLY the same kernel
- use it.
5. (optional) compile ip_wccp.c if required. It will need to be compiled
with the flags that the kernel normally uses for compiling modules:
This should all be on one line(!):
        gcc " your options to compile" ip_wccp.c

6. Copy ip_wccp.o to /lib/modules/<kernel-version>/ipv4/ip_wccp.o and then
edit /lib/modules/<kernel-version>/modules.dep to add the line:

/lib/modules/<kernel-version>/ipv4/ip_wccp.o

test the module with:
/sbin/depmod -a -e
/sbin/modprobe ip_wccp

which should report no errors.

7. Edit /etc/sysctl.conf:
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 0
# Disables the magic-sysrq key
kernel.sysrq = 0

8. Edit /etc/squid/squid.conf:
(some of these are default settings - some are not - just search through and
change them)

httpd_accel_with_proxy on
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_uses_host_header on
http_port 3128

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl spc_nocache srcdomain spc.int spc.org.fj spc.org.nc
no_cache deny spc_nocache

emulate_httpd_log on
acl snmppublic snmp_community public
snmp_port 3401

snmp_access allow snmppublic localhost
snmp_access allow snmppublic all

http_access allow all
http_access allow localhost

icp_access allow all

httpd_accel_uses_host_header on

wccp_router "your router"

9. Run the linuxconf program and set up the firewalling so that the access
lists are as follows: (the order of the access lists is VERY important).
target     prot  opt     source           destination       ports
ACCEPT     all   ------  webcache         webcache          n/a
ACCEPT     tcp   ------  anywhere         webcache.spc.int  any -> www
REDIRECT   tcp   ------  202.0.157.0/24   anywhere          any -> www => squid
ACCEPT     all   ------  202.0.157.0/24   anywhere          n/a
ACCEPT     all   ------  anywhere         202.0.157.0/24    n/a
ACCEPT     all   ------  webcache         webcache          n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

(webcache.spc.int should be substituted with the local host name.
202.0.157.0 should be substituted with the LAN that you want caching access
for...ie the LAN the Cisco is on).

10. Add a file to the startup directory (/etc/rc.d/init.d) called ip_wccp
containing
#!/bin/sh
/sbin/modprobe ip_wccp
then make a link to it in the /etc/rc.d/rc3.d directory:
ln -s ../init.d/ip_wccp S99ip_wccp

11. Reboot the linux box and make sure it comes up!

12. Log into the cisco and go into enable mode:

ip wccp version 1
ip wccp web-cache redirect

Int (output interface to be cached)
        ip wccp web-cache redirect out

any more doubts feel free to contact me

hari
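
Added example, not part of the original post: a small check of the access rules from step 8, read the way Squid applies them (top-down, first matching rule decides), next to a constructed rule set limited to the LAN from step 9. The `audit` function, the `lan` ACL name and the assumption that `all` is the stock `acl all src 0.0.0.0/0.0.0.0` are this example's own.

```python
# Added example: audit squid.conf access rules top-down, first match decides.

# Constructed sample: the access lines from the squid.conf in step 8.
# Assumption: "all" is the stock ACL (acl all src 0.0.0.0/0.0.0.0).
POSTED = """\
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access allow snmppublic all
http_access allow all
http_access allow localhost
icp_access allow all
"""

# Constructed alternative limited to the LAN named in step 9.
RESTRICTED = """\
acl lan src 202.0.157.0/255.255.255.0
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all
http_access allow lan
http_access allow localhost
http_access deny all
icp_access deny all
"""

DIRECTIVES = ("http_access", "icp_access", "snmp_access")


def audit(conf_text):
    """Return a list of (line_no, directive, finding) tuples."""
    findings, communities, closed = [], set(), {}
    for no, line in enumerate(conf_text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and tok[2:3] == ["snmp_community"] and "public" in tok[3:]:
            communities.add(tok[1])  # ACL that matches the default community
        elif tok[0] in DIRECTIVES and len(tok) >= 3:
            directive, action, acls = tok[0], tok[1], tok[2:]
            if directive in closed:  # an earlier "<action> all" already matched
                findings.append((no, directive, f"unreachable after line {closed[directive]}"))
                continue
            if acls == ["all"]:
                closed[directive] = no  # nothing below this line can ever match
                if action == "allow":
                    findings.append((no, directive, "open to any source"))
            elif action == "allow" and "all" in acls and communities & set(acls):
                findings.append((no, directive, "default community from any source"))
    return findings
```
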
-----Original Message-----
From: Laszlo PAL [mailto:laszlo.PAL@nextra.hu]
Sent: Tuesday, November 28, 2000 2:55 PM
To: 'hari_bhr@yahoo.com'
Cc: Akos Slyuch
Subject: RE: [nsp] wccp to non-cisco box

May I ask you to send me some sample config for WCCP v1 with squid? Is this
stable enough?

Thank you
Laszlo

> -----Original Message-----
> From: hari_bhr [mailto:hari_bhr@yahoo.com]
> Sent: Monday, November 27, 2000 6:12 AM
> To: Lincoln Dale
> Cc: Laszlo PAL; cisco-nsp@puck.nether.net
> Subject: RE: [nsp] wccp to non-cisco box
>
>
> hi
>
> thanks for the response
>
> I am already using squid with wccp version 1
>
> are there any resources I can find to convert to version 2
> if yes please send me the URL
>
> I know it's not related to the news group, still I am not able
> to find this
> answer anywhere in the squid group
> thanks
>
>
> -----Original Message-----
> From: Lincoln Dale [mailto:ltd@cisco.com]
> Sent: Monday, November 27, 2000 10:43 AM
> To: hari_bhr@yahoo.com
> Cc: Laszlo PAL; cisco-nsp@puck.nether.net
> Subject: RE: [nsp] wccp to non-cisco box
>
>
> At 10:25 AM 27/11/2000 +0530, hari_bhr wrote:
> >ok, is there any plan to give rights to squid to implement version 2
>
> yes --
> the protocol specifications for both WCCPv1 and WCCPv2 are
> available as
> ietf draft documents:
> WCCPv1:
> http://search.ietf.org/internet-drafts/draft-forster-wrec-wccp-v1-00.txt
   WCCPv2:
http://search.ietf.org/internet-drafts/draft-wilson-wrec-wccp-v2-00.txt

we will provide an implementation of WCCPv2 for squid for some environments
(linux and perhaps freebsd), however resources are limited on this and it
will happen on a "when convenient".
nothing is stopping anyone else from doing the work in the meantime,
however.

cheers,

lincoln.

_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com




This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:22 EDT