[CentOS] Squid + wccp + firewalld

Tue Jan 16 15:29:10 UTC 2018
Ranbir <m3freak at thesandhufamily.ca>

Hi Everyone,

I'm trying to get squid + wccp on a CentOS 7 box working with a Cisco
router. I've done this before several times using CentOS 6 and
iptables, but never on CentOS 7 with firewalld.

I've searched far and wide for clear, concise instructions on how to do
what I want in CentOS 7. I've pieced together what I've found to come
up with what I thought should work. Unfortunately, squid simply refuses
to respond.

At the moment, it looks like squid isn't forwarding the requests it's
receiving from the router over the GRE tunnel interface. The Cisco
router is showing the tunnel is up and active, which means wccp is
working in that sense.

I've edited sysctl.conf exactly as I would have on a CentOS 6 box.
Squid is configured like it would have been on a CentOS 6 box, too.
Here are the firewall rules:

[root@s0989-stocac1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 tun0
  services: ctc-custom dhcpv6-client ssh
  ports: 8081/tcp 3127/tcp 3128/tcp 8080/tcp
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=3127:toaddr=
  rich rules:
        rule family="ipv4" source address="" protocol value="gre" accept
[root@s0989-stocac1 ~]# firewall-cmd --direct --get-all-rules
ipv4 nat PREROUTING 0 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127

Does anyone have any pointers/tips? I think I've messed up the
firewalld rules somehow, but I'm not sure.

Thanks in advance.