Cisco
interface Vlan2
ip address 192.168.100.250 255.255.255.0
ip access-group STUFF in
ip wccp web-cache redirect in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1380
ip nat inside source list WCCP_Server interface Dialer0 overload
ip wccp web-cache redirect-list WCCP_Redirect password foobar
ip access-list standard WCCP_Server
permit 192.168.100.6
ip access-list extended WCCP_Redirect
remark ACL for WCCP proxy access
remark Squid proxies bypass WCCP
deny ip host 192.168.100.6 any
remark LAN clients proxy port 80 only
permit tcp 192.168.100.0 0.0.0.255 any eq www
remark all others bypass WCCP
deny ip any any
Linux:
ip tunnel add wccp0 mode gre remote 192.168.100.250 local 192.168.100.6 eth0
ifconfig wccp0 192.168.100.6 netmask 255.255.255.255 up
echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
Squid:
http_port 3128 interceptОснова взята сдесь: http://wiki.squid-cache.org/Features/Wccp2
wccp2_router 192.168.100.250
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standert 0 password=foobar
