I have heard that Squid supports Cisco WCCP versions 1 and 2. I need a proxy server / cache engine that can help me do a proof of concept with WCCP.
I created a VM which runs on CentOS, and installed Squid:
yum install squid -y
I modified the configuration on this path
#This example specifies the subnet that is allowed to use the Squid proxy.
acl PERMIT_HOST src 184.108.40.206/24
#This statement allows the source subnet to surf the web through the Squid proxy.
http_access allow PERMIT_HOST
By default the Squid proxy listens on TCP 3128, but this can be changed by looking for this line
http_port 3128
Here you can modify the TCP port number of your proxy.
If the Squid proxy sits between your hosts and the internet, you may need to turn on IP forwarding.
sysctl -w net.ipv4.ip_forward=1
You can check the ip_forward status by using
Lastly, add statements to allow your proxy clients (browsers) to access the Squid proxy. Modify the iptables rules in the script file at this path:
/etc/sysconfig/iptables
CentOS contains a set of predefined iptables rules. Add this rule in the INPUT chain before this line
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#220.127.116.11 is just an example for my proxy server IP address
-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 18.104.22.168 --dport 3128 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
This statement allows incoming clients to connect to the Squid proxy. You can omit the -d 22.214.171.124 match; as long as the destination port matches TCP 3128, iptables will allow the connection.
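The placement matters because iptables evaluates a chain top to bottom, so an ACCEPT rule that lands after the REJECT line never matches. The script below is an added example, not from the original post: it inserts the rule directly above the INPUT REJECT line in a rules file and checks the ordering. The function names, the constructed sample ruleset and the 192.0.2.0/24 client subnet are assumptions, and the source is narrowed to that subnet rather than 0/0.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.
REJECT_LINE='-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Write a constructed rules file shaped like a stock CentOS ruleset.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_squid_rule FILE SOURCE PORT: insert the ACCEPT rule above the INPUT REJECT.
add_squid_rule() {
    rule="-A INPUT -p tcp -s $2 --sport 1024:65535 --dport $3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    grep -qxF -e "$rule" "$1" && return 0          # already present: no-op
    grep -qxF -e "$REJECT_LINE" "$1" || return 1   # no anchor line: refuse to edit
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" -v rej="$REJECT_LINE" \
        '$0 == rej && !done { print rule; done = 1 } { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# rule_is_effective FILE PORT: succeed only if an INPUT ACCEPT rule for PORT
# appears before the REJECT line (iptables stops at the first matching rule).
rule_is_effective() {
    awk -v rej="$REJECT_LINE" -v port="$2" '
        $0 == rej { rejected = 1 }
        /^-A INPUT / && / -j ACCEPT$/ && index($0, " --dport " port " ") && !rejected { ok = 1 }
        END { exit !ok }' "$1"
}

# Demo on the constructed file; 192.0.2.0/24 is a placeholder client subnet.
demo=$(mktemp) && write_sample "$demo"
add_squid_rule "$demo" 192.0.2.0/24 3128 && rule_is_effective "$demo" 3128 && echo "rule placed before REJECT"
rm -f "$demo"
```

Run it against a copy of the rules file first and review the result before restarting the service.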
I have read a tutorial which also added a statement on the OUTPUT chain, but this is not necessary, because the default iptables rules allow anything to anywhere from the OUTPUT chain. For reference, the statement on the OUTPUT chain looks like this:
-A OUTPUT -p tcp -s 126.96.36.199 --sport 3128 -d 0/0 --dport 1024:65535 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Credit for the iptables statement for Squid goes to this link.
After the iptables script has been modified, restart the iptables service
Use your favourite web browser and set its proxy server to the one you have configured. You should be able to surf the net via the proxy server.