Hi Everyone,
I'm trying to get squid + wccp on a CentOS 7 box working with a Cisco router. I've done this before several times using CentOS 6 and iptables, but never on CentOS 7 with firewalld.
I've searched far and wide for clear, concise instructions on how to do what I want in CentOS 7. I've pieced together what I've found to come up with what I thought should work. Unfortunately, squid simply refuses to respond.
At the moment, it looks like squid isn't forwarding the requests it's receiving from the router over the GRE tunnel interface. The Cisco router is showing the tunnel is up and active, which means wccp is working in that sense.
I've edited sysctl.conf exactly as I would have on a CentOS 6 box. Squid is configured like it would have been on a CentOS 6 box, too. Here are the firewall rules:
[root@s0989-stocac1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 tun0
  sources:
  services: ctc-custom dhcpv6-client ssh
  ports: 8081/tcp 3127/tcp 3128/tcp 8080/tcp
  protocols:
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=3127:toaddr=1.1.1.1
  sourceports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="2.2.2.0/26" protocol value="gre" accept
[root@s0989-stocac1 ~]# firewall-cmd --direct --get-all-rules
ipv4 nat POSTROUTING 0 -j MASQUERADE
ipv4 nat PREROUTING 0 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
Does anyone have any pointers/tips? I think I've messed up the firewalld rules somehow, but I'm not sure.
Thanks in advance.