On Mon, Sep 25, 2006, Wei Kian Woon wrote: > Hi all, > > First of all, hello. I'm new to Squid, but learning fast (i hope!) Welcome! > I'm trying to implement transparent proxying using Squid 2.6 stable4 > on FreeBSD 6.1, while the WCCP router is a Cisco 5500 running > 12.2(28a) IOS. I managed to get the router to acquire successfully the > Squid cache. There's some problem with the GRE portion however. When I > do a tcpdump on the BSD server it show that the router is forwarding a > lot of GREv0 packets to the server which is good, but the BSD server > is not responding to it. The thing I observed was that the router > associates with the BSD server originally through WCCP using the > (fake) ip address of 192.168.1.3 , but when it sends the GRE packets > with a source ip of 192.168.254.3, which is the highest ip address in > the router (thus the router identifier is 192.168.254.3). I created > the gre0 tunnel on the BSD with the commands: > > ifconfig gre0 create > ifconfig gre0 192.168.1.8 192.168.254.3 netmask 255.255.255.255 up > (192.168.1.8 is the server ip) > ifconfig gre0 tunnel 192.168.1.8 192.168.254.4 > route delete 192.168.254.4 > > I added the device gre option into the kernel config, together with > the options IPFIREWALL and IPFIREWALL_FORWARD (ipfw tested to work), > and recompiled the kernel. Problem is that there's no reply from the > BSD server to the gre packets from the router. How can I fix this? > There doesnt seem to be a way to change the router identifier on the > cisco router (bar renumbering the router ip addresses!). Anyone have > any ideas? I've managed to get Squid-2.6+WCCPv2 to work fine under Linux+iptables but I've been completely unable to do it under FreeBSD+pf. I know redirected requests are working fine, its just the GRE decapsulation thats being weird. Just like you've noticed. Its nice to know someone else is having the same problem. Is anyone here successfully running WCCPv1 or WCCPv2 with FreeBSD 6.x? Adrian