FreeBSD router and WCCP

Andrew Pantyukhin infofarmer at FreeBSD.org
Mon Nov 19 06:52:41 PST 2007


On Mon, Nov 19, 2007 at 08:58:34AM -0500, Steve Bertrand wrote:
> Andrew Pantyukhin wrote:
> > On Fri, Nov 16, 2007 at 12:48:52PM -0500, Steve Bertrand wrote:
> >> Does anyone know of a way to configure WCCP redirect support into a
> >> FreeBSD based router without having to install squid?
> > 
> > I've only used FreeBSD as a WCCPv1/v2 sink (receiver), but you
> > can try sending out packets out of gre(4). That should probably
> > work.
> > 
> > If you're trying to redirect traffic to another machine running
> > squid, consider avoiding WCCP, it's not a very bright protocol.
> 
> Thanks for the response.
> 
> We are deploying a commercial appliance as a content filter, so I can
> only assume that it is running a customized version of Squid but I don't
> know.
> 
> Do you have any recommendation on what I should use if WCCP is not
> recommended?

ipfw forwarding is a very easy way to redirect traffic without
changing it. PF has similar functionality. It all depends on what
the appliance supports. If WCCP is the only way it can eat
packets, try playing with gre(4). But maybe it'll consume just
plain packets with "wrong" IP destinations arriving on its MAC
address, just the way squid on FreeBSD does.

BTW, if the appliance supports ICAP, you'll be much better off
running squid on a FreeBSD box and filtering content through
ICAP.

> The filter will not be inline, and it will be an opt-in type service, so
> only certain traffic will need to be redirected.

You'll be able to use ipfw or pf to tune the policies to a very
fine degree.
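
Added example, not part of the original message or of any FreeBSD-supplied script: a small generator for the ipfw commands behind the opt-in redirection discussed above, which validates every address before printing anything so the output can be reviewed and then fed to sh. The table number, rule number, interface name, addresses and the choice of TCP port 80 are assumptions, as is a filter that sits on a directly connected segment and accepts packets whose destination IP is not its own.

```shell
#!/bin/sh
# Added example. Constructed values: table 1, rule 1000, and the
# documentation-range addresses in the sample call at the bottom.
TABLE=1
RULE=1000

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ipfw commands for review; nothing is executed here.
# usage: optin_rules FILTER_IP LAN_INTERFACE CLIENT_IP...
optin_rules() {
    [ "$#" -ge 3 ] || { echo "usage: optin_rules filter if client..." >&2; return 1; }
    filter=$1; lan_if=$2; shift 2
    case "$lan_if" in
        ''|*[!A-Za-z0-9_]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    for addr in "$filter" "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    # Opt-in list: only sources in the table are ever redirected.
    echo "ipfw -q table $TABLE flush"
    for client in "$@"; do
        echo "ipfw -q table $TABLE add $client"
    done
    # fwd changes only the next hop; the packet reaches the filter with
    # its original destination IP. Kernels of this thread's era need
    # "options IPFIREWALL_FORWARD" for fwd to work.
    echo "ipfw -q add $RULE fwd $filter tcp from 'table($TABLE)' to any dst-port 80 in recv $lan_if"
}

# Sample call (constructed): filter at 192.0.2.10, two opted-in clients.
optin_rules 192.0.2.10 em0 198.51.100.21 198.51.100.37
```

Because the filter's own address is never in the table, its outbound requests pass through the router without being forwarded back to it.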

