各位大哥!帮看看wccp+redhat squid3.0的问题!!!!!!

ljp50598313 发布于 2010/01/08 15:12
阅读 969
收藏 0

拓扑图

 

图是用GNS做的,实验环境是用真实设备做的。

环境:路由是2621路由器,ios12.3cache服务器操作系统是redhat5.1squid3.0

路由上面的设置:

Cisco> en
Cisco# config t

我的路由器外网接口f0/0IP192.168.8.222

内网口f0/1IP192.168.1.1

激活路由器的WCCP

Cisco(config)# ip wccp version 2

Cisco(config)# ip wccp web-cache

路由器出口(外网出口)上激活WCCP
Cisco(config)# inter f0/0

Cisco(config-if)# ip wccp web-cache redirect out
Cisco(config-if)# end
Cisco# write

查看 : show ip wccp web-cache

cisco#show ip wccp

Global WCCP information:

    Router information:

        Router Identifier:                   192.168.8.222

        Protocol Version:                    2.0

    Service Identifier: web-cache

        Number of Cache Engines:             1

        Number of routers:                   1

        Total Packets Redirected:            6

        Redirect access-list:                -none-

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

Squid的安装:

现在redhat系统和squid3.0安装完成。并做了如下改动:

开启iptables nat gre模块:

modprobe ip_tables

modprobe iptable_nat

modprobe iptable_filter

modprobe ip_conntrack_ftp

modprobe ip_nat_ftp

modprobe ip_gre

(3)配置GRE隧道

iptunnel add gre1 mode gre remote  192.168.1.1  local 192.168.1.254 dev eth0

(4)  配置本机gre1 地址:

ifconfig gre1 inet 127.0.0.2 netmask 255.255.255.0 up

配置转发:

echo 1 > /proc/sys/net/ipv4/ip_forward

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter

echo 0 > /proc/sys/net/ipv4/conf/gre1/rp_filter

配置IP转发:

/etc/sysctl.conf文件里增加:net.ipv4.ip_forward = 1

 写入拦截规则并保存:

iptables -t nat -A PREROUTING -i "gre1" -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.254:3128

保存:/sbin/service iptables save 

3.修改了squid.conf文件:

http_port 3128 transparent

wccp2_router 192.168.1.1

wccp_version 4

wccp2_service standard 0

wccp2_forwarding_method 1

wccp2_return_method 1

wccp2_rebuild_wait on

wccp2_assignment_method 1

初始化在 squid.conf 里配置的 cache 目录
#squid -z //
初始化缓存空间
#/etc/init.d/squid start
启动squid

Cisco#show ip wccp web-cache d

WCCP Cache-Engine information:

        Web Cache ID:          192.168.1.254

        Protocol Version:      2.0

        State:                 Usable

        Initial Hash Info:     00000000000000000000000000000000

                               00000000000000000000000000000000

        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

        Hash Allotment:        256 (100.00%)

        Packets Redirected:    9

        Connect Time:          00:34:23

在客户机上访问网站,在squid上可以看到从路由器出口上拦截的80请求数据进入Squid

[root@localhost ~]#  tcpdump -n -i eth0 ip proto gre

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

14:07:40.696713 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:07:43.605572 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:07:49.621129 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:35:26.965612 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:35:29.918275 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:35:35.933897 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:36:16.648832 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:36:19.683442 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

14:36:25.698989 IP 192.168.8.222 > 192.168.1.254: GREv0, length 56: gre-proto-0x883e

结果客户端还是不能访问网页,不知道是哪里的问题!请高手指点。。。谢谢各位!!!!

加载中
0
l
ljp50598313

怎么没有来帮忙啊!!!!!

0
l
ljp50598313

引用来自“crazyinsomnia”的帖子

迷糊

大哥不这样啊,是小弟什么地方没有说明白,你指出来一下嘛。

返回顶部
顶部