'RE: [nsp] wccp to non-cisco box'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cisco-nsp
Subject:    RE: [nsp] wccp to non-cisco box
From:       "hari_bhr" <hari_bhr () yahoo ! com>
Date:       2000-11-28 9:43:33
[Download RAW message or body]


Below I have documented a 'cookbook' for the things I did to get the system
up and running .

===========================================
1. Install RedHat 6.2 slecting the 'server' install setup.
2. After completion check that network card has been discovered, configured
and is working (ping something). Check dns is working.
3. Install squid rpm -> squid-2.3.STABLE1-5 (on the RH CD)
4. Obtain source of the ip_wccp.o patch from:
http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
OR
If you can find it compiled into an object file for EXACTLY the same kernel
- use it.
5. (optional) compile ip_wccp.c if required. It will need to be compiled
with the flags that the kernel normally uses for compiling modules:
This should all be on one line(!):
        gcc " your options to compile" ip_wccp.c

6. Copy ip_wccp.o to /lib/modules/<kernel-version>/ipv4/ip_wccp.o and then
edit /lib/modules/kernel-version/modules.dep to add the line:

/lib/modules/<kernel-version>/ipv4/ip_wccp.o

test the module with:
/sbin/depmod -a -e
/sbin/modprobe ip_wccp

which should report no errors.

7. Edit /etc/sysctl.conf:
# Disables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 0
# Disables the magic-sysrq key
kernel.sysrq = 0

8. Edit /etc/squid/squid.conf:
(some of these are default settings - some are not - just search through and
change them)

httpd_accel_with_proxy on
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_uses_host_header on
http_port 3128

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl spc_nocache srcdomain spc.int spc.org.fj spc.org.nc
no_cache deny spc_nocache

emulate_httpd_log on
acl snmppublic snmp_community public
snmp_port 3401

snmp_access allow snmppublic localhost
snmp_access allow snmppublic all

http_access allow all
http_access allow localhost

icp_access allow all

httpd_accel_uses_host_header on

wccp router " your router"

9. Run the linuxconf program and setup the firewalling so that the access
lists are as follows: (the order of the access lists is VERY improtant).
target     prot opt     source                destination           ports
ACCEPT     all  ------  webcache             webcache              n/a
ACCEPT     tcp  ------  anywhere             webcache.spc.int      any ->
www
REDIRECT   tcp  ------  202.0.157.0/24       anywhere              any ->
www => squid
ACCEPT     all  ------  202.0.157.0/24       anywhere              n/a
ACCEPT     all  ------  anywhere             202.0.157.0/24        n/a
ACCEPT     all  ------  webcache             webcache              n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

(webcache.spc.int should be substituted with the local host name.
202.0.157.0 should be substituted with the LAN that you want caching access
for...ie the LAN the Cisco is on).

10. Add a file to the startup directory (/etc/rc.d/init.d) called ip_wccp
containing
#!/bin/sh
/sbin/modprobe ip_wccp
then make a link to it in the /etc/rc.d/rc3.d directory:
ln -s ../init.d/ip_wccp S99ip_wccp

11. Reboot the linux box and make sure it comes up!

12. Log into the cisco and go into enable mode:

ip wccp version 1
ip wccp web-cache redirect

Int (output interface to be cached)
        ip wccp web-cache redirect out




any more doubts feel free to contact me

hari
-----Original Message-----
From: Laszlo PAL [mailto:laszlo.PAL@nextra.hu]
Sent: Tuesday, November 28, 2000 2:55 PM
To: 'hari_bhr@yahoo.com'
Cc: Akos Slyuch
Subject: RE: [nsp] wccp to non-cisco box


May I ask you to send me some sample config for WCCP v1 with squid? Is this
stable enough?

Thank you
Laszlo


> -----Original Message-----
> From: hari_bhr [mailto:hari_bhr@yahoo.com]
> Sent: Monday, November 27, 2000 6:12 AM
> To: Lincoln Dale
> Cc: Laszlo PAL; cisco-nsp@puck.nether.net
> Subject: RE: [nsp] wccp to non-cisco box
>
>
> hi
>
> thanks for the responce
>
> iam already using squid with wccp version 1
>
> is there any resources i can found to convert to version 2
> if yes please send me the URL
>
> i know its not related to the news group, still iam not able
> to find this
> answer any where in the squid group
> thanks
>
>
> -----Original Message-----
> From: Lincoln Dale [mailto:ltd@cisco.com]
> Sent: Monday, November 27, 2000 10:43 AM
> To: hari_bhr@yahoo.com
> Cc: Laszlo PAL; cisco-nsp@puck.nether.net
> Subject: RE: [nsp] wccp to non-cisco box
>
>
> At 10:25 AM 27/11/2000 +0530, hari_bhr wrote:
> >ok, is there any plan to give rights to squid to implement version 2
>
> yes --
> the protocol specifications for both WCCPv1 and WCCPv2 are
> available as
> ietf draft documents:
>    WCCPv1:
> http://search.ietf.org/internet-drafts/draft-forster-wrec-wccp
-v1-00.txt
   WCCPv2:
http://search.ietf.org/internet-drafts/draft-wilson-wrec-wccp-v2-00.txt

we will provide an implementation of WCCPv2 for squid for some environments
(linux and perhaps freebsd), however resources are limited on this and it
will happen on a "when convenient".
nothing is stopping anyone else from doing the work in the meantime,
however.


cheers,

lincoln.




_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic