Partially solved: my iptables patch was not complete (I re-patched again with
the iptables tar source, not the rpm).
Right now:
- no error indicated in /var/log/message
- no cache.log error
I saw the wccp hit counters increment at the router, with packets redirected to the squid-box.
Service Identifier: 80
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1123
Redirect access-list: 155
Total Packets Denied Redirect: 650922
Total Packets Unassigned: 25043
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Service Identifier: 90
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 224
Redirect access-list: 156
Total Packets Denied Redirect: 206844
Total Packets Unassigned: 17095
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
I saw hit increments in iptables :
Chain PREROUTING (policy ACCEPT 11517 packets, 2009K bytes)
pkts bytes target prot opt in out source destination
76 24942 TPROXY all -- any any anywhere anywhere TPROXY redirect 0.0.0.0:3128
But there is still no hit in access.log, and my host still can't open the web.
My last squid-box config :
#iptables :
iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
#part squid.conf :
http_port 3128 transparent tproxy vhost vport=80
always_direct allow all
wccp2_router y.y.y.y
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service dynamic 80
wccp2_service dynamic 90
wccp2_service_info 80 protocol=tcp flags=dst_ip_hash priority=240 ports=80
wccp2_service_info 90 protocol=tcp flags=src_ip_hash,ports_source priority=240 ports=80
#part of my cisco config:
ip wccp 80 redirect-list 155
ip wccp 90 redirect-list 156
int fasteth0 >ip wccp 80 redirect out
int fasteth1 >ip wccp 90 redirect out
int fasteth3 >ip wccp redirect exclude in (the port that the squid-box is attached to)
access-list 155 permit ip host x.x.x.x any
access-list 156 permit ip any host x.x.x.x
#modules:
[root@tproxy sbin]# lsmod
Module Size Used by
ipt_TPROXY 2176 1
iptable_tproxy 17708 1
ip_nat 18604 1 iptable_tproxy
ip_conntrack 49836 2 iptable_tproxy,ip_nat
ip_tables 20096 2 ipt_TPROXY,iptable_tproxy
ip_gre 13472 0
Has anyone tried this with success? No clues when I googled.
regards,
Tino
----- Original Message -----
From: "tino" <tino.kriswanto@xxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, July 11, 2006 9:27 AM
Subject: error transparent squid.2.6.stable1 with wccpv2 and tproxy
Hi,
I just installed squid.2.6.stable1, kernel 2.6.15.7 with cttproxy.
It works well when running transparent & wccpv2 web-cache mode.
But when I add a wccp dynamic service for IP-Spoof, I get an error:
2006/07/11 08:00:37| tproxy ip=x.x.x.x,0x7a0989ca,port=0 ERROR ASSIGN
#part of my squid.conf :
http_port 3128 transparent tproxy vhost vport=80
always_direct allow all
wccp2_router x.x.x.x
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=src_ip_hash priority=1 ports=80
#part of my cisco run:
ip wccp web-cache redirect-list 155
ip wccp 90 redirect-list 156
int fasteth0 >ip wccp web-cache redirect out
int fasteth1 >ip wccp 90 redirect out
#my iptables at linux:
Chain PREROUTING (policy ACCEPT 262 packets, 18290 bytes)
pkts bytes target prot opt in out source destination
112 6710 REDIRECT tcp -- gre0 any anywhere anywhere tcp dpt:http redir ports 3128
#my sysctl:
[root@tproxy sbin]# sysctl -a | grep rp.filter
net.ipv4.conf.gre0.arp_filter = 0
net.ipv4.conf.gre0.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
regards,
Tino