Squid and WCCP
Am trying to set squid up to work with a cisco router via WCCP.
Anyway am trying with pfsense1.2.3RC1 and squid 3 package.
First thing noticed is couldn't enter multiple custom parameters into squid 3 GUI, it folded multiple lines into 1 and broke the config file. Anyway tried again by sshing into the pfsense box and directly editing the squid.conf file in /usr/local/etc/squid changing these parameters:
http port 3128 transparent
wccp2_router <router ip="">wccp2_forwarding_method 1
Configured the gre tunnel on the pfsense side.
if config gre0 <pfsense ip=""><router ip="">netmask 255.255.255.255 link2 tunnel <pfsense ip=""><router ip="">up
Restarted squid….the cisco router showed it as registering as a cache all good. Now need to add a custom rule to forward all traffic coming in on the gre on port 80 up to squid on port 3128, squid doc says try this:
ipfw: getsockopt(IP_FW_ADD): Protocol not available
...as shown above command didnt work, what's the proper way to do this on pfsense?</router></pfsense></router></pfsense></router>
Updating, was using the wrong tool to try and forward the incoming wccp requests, need to use pf to pass the requests.
ie need to add a rule like to pf.conf:
rdr pass on gre0 inet proto tcp to any port 80 -> 127.0.0.1:3128 port 3128
But there is no /etc/pf.conf file, pfsense seems to be adding pf rules somewhere else, looking at the output of pfctl there are a whole bunch of pf rules already in place. Tried going to the web interface and adding a rule there figuring it would be magically translated into a pf rule, but could not figure out how. Since i manually created a gre0 tunnel to the cisco router the web firewall has 2 new interfaces PPPOE and PPTP so i guess it is getting mixed up.