Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
laldana
New Contributor

WCCP with SQUID Server Not Working

Hi everyone,

I am trying to configure a WCCP enviroment with SQUID 3.3.8(transparent mode) in Ubuntu 14.04 nevertheless I cant get it to work.  I have tested squid configuring proxy in pc's browser an everything is working fine nevetheless when I try to configure squid in transparent I have problems.  

 

I have read the following articles:

http://kb.fortinet.com/kb/viewContent.do?externalId=FD30096

https://forum.fortinet.com/tm.aspx?m=108892

 

This is the squid configuration: 

#http_access allow localnet http_access allow localhost # Squid normally listens to port 3128 http_port 3128 transparent # FortiGate interface of wccp wccp2_router 10.1.0.5 # wccp version 2 configuration for standard service HTTP on tcp port 80 (service 0) with authentication password 'fortinet' wccp2_service standard 0 password=fortinet # tunneling method GRE for forward traffic wccp2_forwarding_method 1 # tunneling method GRE for return traffic wccp2_return_method 1 # Assignemment method (default), only relevant if multiple caches used wccp2_assignment_method 1 # wccp weight (default) ,only relevant if multiple caches used wccp2_weight 10000 # which interface to use for WCCP (0.0.0.0 determines the interface from routing) wccp2_address 0.0.0.0

GRE Tunnel

wccp0: gre/ip  remote 10.1.0.5  local 10.1.0.8  dev eth0  ttl inherit

 

IPTABLE

# Generated by iptables-save v1.4.21 on Thu Aug 20 18:15:58 2015 *nat :PREROUTING ACCEPT [1668040:126050746] :INPUT ACCEPT [186627:27399152] :OUTPUT ACCEPT [4199:385961] :POSTROUTING ACCEPT [4199:385961] -A PREROUTING -i wccp0 -p tcp -m tcp -j REDIRECT --to-ports 3128 COMMIT # Completed on Thu Aug 20 18:15:58 2015 # Generated by iptables-save v1.4.21 on Thu Aug 20 18:15:58 2015 *filter :INPUT ACCEPT [1554065:251097054] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [72693:13451620] COMMIT # Completed on Thu Aug 20 18:15:58 2015

 

wccp0 Link encap:UNSPEC  HWaddr 0A-01-00-08-30-30-3A-30-00-00-00-00-00-00-00-00             inet addr:10.1.0.8  P-t-P:10.1.0.8  Mask:255.255.255.255           inet6 addr: fe80::5efe:a01:8/64 Scope:Link           UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1           RX packets:0 errors:0 dropped:0 overruns:0 frame:0           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0           RX bytes:0 (0.0 B)  TX bytes:360 (360.0 B)

FORTIGATE CONFIGURATION

config system wccp     edit "0"         set router-id 10.1.0.5         set group-address 0.0.0.0         set server-list 10.1.0.8 255.255.255.255         set authentication enable         set forward-method GRE         set return-method GRE         set assignment-method HASH         set password ENC fortip0NS3Lq4MdyhQuQfAJPwE+GStZjO+cu8ZAxJACySkQsJAGjrK53F9XXO4nhKUDPxEUlyCVwfykXbLRMklXqs85PYKN1WNvP/os2/EhdM5vk+Ypvtz51z6j1Y1BOjd1H1796V94IU0B7uPUsA6eUg3uK4FrK+TcqVKpLroXWujjEkY4whzA52XnEBbNxHX15gQ==     next end

 

I have enable wccp in port1 to which the internal network and squid are connected.   Nevertheless when I test wccp, I do not have any cache server available.

 

# diagnose test application wccpd 1 vdoms=1 pkts=0

# diagnose test application wccpd 2 vdom-root: work mode:router working NAT first_phy_id=6   interface list:     intf=port1, gid=6 phy_id=6   service list:     service: 0, router_id=10.1.0.5, group=0.0.0.0, auth(yes)       access      access:10.1.0.8/255.255.255.255) forward=1       return=1, assign=1.       erouter_id=10.1.0.5

 

# diagnose test application wccpd 3 service-0 in vdom-root: num=0, usable=0

 

I will thanks any advice regarding this issue.  

 

Best Regards,

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors