On Wed, 23 Feb 2005, Jesse Guardiani wrote:
#sh ip wccp web-cache detail
WCCP Cache-Engine information:
        IP Address:            192.168.10.2
        Protocol Version:      2.0
        State:                 Usable
        Initial Hash Info:     00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:        256 (100.00%)
        Packets Redirected:    509
        Connect Time:          00:30:51
Good.
# iptunnel
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
gre1: gre/ip  remote 192.168.10.1  local 192.168.10.2  dev eth0  ttl inherit
OK, I think.. (not sure about the first..)
# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 158 packets, 20654 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth0:22 any     anywhere             anywhere            tcp dpt:www redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere            tcp dpt:www redir ports 3128
Hmm.. the packets will be coming in on the gre device, not eth0. At least unless the WCCPv2 patch is configured to send the redirected packets by direct routing without GRE/WCCPv2 encapsulation.
The strange thing is that my test machine is set up to use the router as my default gateway, and the router claims it is redirecting packets. However, I never see any hits on iptables rules or in access.log, yet my test machine can still browse the web!
What does tcpdump say?
Shouldn't the Cisco be marking the cache as unusable or blocking the web traffic?
Yes..
Regards Henrik
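
The interface mismatch discussed above can be checked mechanically. The following is an added example, not part of the thread or of either poster's setup: it parses `iptables -t nat -L -v` output and flags PREROUTING REDIRECT rules that are bound to a non-tunnel interface or have never matched a packet. It assumes GRE-encapsulated WCCPv2 forwarding; `audit_redirects`, the `gre` prefix default and the second listing (with its counters) are constructed for illustration.

```python
import re

# Constructed input: the PREROUTING listing as posted in the thread.
THREAD_LISTING = """\
Chain PREROUTING (policy ACCEPT 158 packets, 20654 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth0:22 any     anywhere             anywhere            tcp dpt:www redir ports 3128
    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere            tcp dpt:www redir ports 3128
"""

# Constructed input: the same rule bound to the tunnel device, with made-up counters.
TUNNEL_LISTING = """\
Chain PREROUTING (policy ACCEPT 158 packets, 20654 bytes)
 pkts bytes target     prot opt in     out     source               destination
  509 30540 REDIRECT   tcp  --  gre1   any     anywhere             anywhere            tcp dpt:www redir ports 3128
"""

def _count(field):
    """Convert an iptables counter such as '509' or '12K' to an int (approximate)."""
    scale = {"K": 10**3, "M": 10**6, "G": 10**9}
    if field[-1] in scale:
        return int(field[:-1]) * scale[field[-1]]
    return int(field)

def audit_redirects(listing, tunnel_prefix="gre"):
    """Return (in_iface, pkts, problems) for each suspicious PREROUTING REDIRECT rule."""
    findings, chain = [], None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            chain = header.group(1)
            continue
        f = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination ...
        if chain != "PREROUTING" or len(f) < 9 or not f[0][0].isdigit():
            continue
        if f[2] != "REDIRECT":
            continue
        pkts, in_iface, problems = _count(f[0]), f[5], []
        if in_iface != "any" and not in_iface.startswith(tunnel_prefix):
            problems.append("bound to %s, not a %s* tunnel device" % (in_iface, tunnel_prefix))
        if pkts == 0:
            problems.append("packet counter is 0")
        if problems:
            findings.append((in_iface, pkts, problems))
    return findings

if __name__ == "__main__":
    for iface, pkts, problems in audit_redirects(THREAD_LISTING):
        print("%-8s pkts=%d  %s" % (iface, pkts, "; ".join(problems)))
```

If the router is forwarding by direct routing without GRE encapsulation, the interface finding does not apply and only the zero-counter finding is meaningful.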