Squid and WCCP

  • Hello,

    Am trying to set squid up to work with a cisco router via WCCP.

    Anyway am trying with pfsense1.2.3RC1 and squid 3 package.

    First thing noticed is couldn't enter multiple custom parameters into squid 3 GUI, it folded multiple lines into 1 and broke the config file.  Anyway tried again by sshing into the pfsense box and directly editing the squid.conf file in /usr/local/etc/squid changing these parameters:
    http_port 3128 transparent

    Custom Settings

    wccp2_router <router ip>
    wccp2_forwarding_method 1
    wccp2_return_method 1
    wccp2_service standard 0

    Configured the gre tunnel on the pfsense side.

    ifconfig gre0 create

    ifconfig gre0 <pfsense ip> <router ip> netmask link2 tunnel <pfsense ip> <router ip> up

    Restarted squid….the cisco router showed it as registering as a cache all good.  Now need to add a custom rule to forward all traffic coming in on the gre on port 80 up to squid on port 3128, squid doc says try this:

    ipfw add 100 fwd,3128 tcp from any to any 80 recv gre0

    ipfw: getsockopt(IP_FW_ADD): Protocol not available

    ...as shown above, the command didn't work. What's the proper way to do this on pfsense?

  • Updating, was using the wrong tool to try and forward the incoming wccp requests, need to use pf to pass the requests.

    i.e. need to add a rule like this to pf.conf:
    rdr pass on gre0 inet proto tcp to any port 80 -> port 3128

    But there is no /etc/pf.conf file, pfsense seems to be adding pf rules somewhere else, looking at the output of pfctl there are a whole bunch of pf rules already in place.  Tried going to the web interface and adding a rule there figuring it would be magically translated into a pf rule, but could not figure out how.  Since I manually created a gre0 tunnel to the cisco router the web firewall has 2 new interfaces PPPOE and PPTP so I guess it is getting mixed up.
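
Added example, not part of the original posts: a small sh/awk check for the failure described in the first post, where the GUI folded several custom options onto one line of squid.conf. It also flags wccp2_* names it does not recognise and a missing interception http_port; the function name, the sample config and the 192.0.2.1 router address are constructed for illustration.

```shell
#!/bin/sh
# Lint squid.conf for the WCCPv2 interception settings used in this thread.
# Prints one finding per line, and nothing when no problem is found.
lint_squid_wccp() {
    awk '
    BEGIN {
        # WCCPv2 directive names from the squid.conf reference.
        s = "wccp2_router wccp2_forwarding_method wccp2_return_method"
        s = s " wccp2_assignment_method wccp2_service wccp2_service_info"
        s = s " wccp2_weight wccp2_address wccp2_rebuild_wait"
        n = split(s, names, " ")
        for (k = 1; k <= n; k++) known[names[k]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        # A directive name after the first field means several directives
        # were folded onto one line, so only the first one takes effect.
        for (i = 2; i <= NF; i++)
            if (match($i, /wccp2_[a-z_]+|http_port/))
                printf "line %d: \"%s\" folded onto the \"%s\" line\n",
                       NR, substr($i, RSTART, RLENGTH), $1
    }
    $1 == "http_port" {
        # Squid 3.0 spells the option "transparent", 3.1 and later "intercept".
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") intercept = 1
    }
    $1 == "wccp2_router"  { router = 1 }
    $1 == "wccp2_service" { service = 1 }
    tolower($1) ~ /^wccp2_/ && !($1 in known) {
        printf "line %d: unknown directive \"%s\"\n", NR, $1
    }
    END {
        if (!intercept) print "no http_port with transparent/intercept"
        if (!router)    print "no wccp2_router"
        if (!service)   print "no wccp2_service"
    }' "${1:-/usr/local/etc/squid/squid.conf}"
}

# Constructed sample: custom options folded onto one line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 3128 transparent
wccp2_router 192.0.2.1 wccp2_forwarding_method 1 wccp2_return_method 1
EOF
lint_squid_wccp "$sample"
rm -f "$sample"
```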

