Hmm..perhaps I should have just stuck with linux instead of trying
FreeBSD for this one. Can I know what version of Linux you managed to
get it working on Adrian?
I tried turning on the link2 flag for good measure:
gre0: flags=f051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,LINK2,MULTICAST> mtu 1476
tunnel inet 192.168.1.8 --> 192.168.254.2
inet6 fe80::xxxx%gre0 prefixlen 64 scopeid 0x4
inet 192.166.1.8 --> 192.168.254.2 netmask 0xffffffff
ipfw shows the packets are being forwarded to port 3128 which is the
port squid is listening to:
00048 16942 1400049 allow gre from any to any
00049 1019 275497 allow tcp from 192.168.1.8 to any
00050 16934 924921 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
06000 2371 1041172 allow ip from any to any
65535 4 437 deny ip from any to any
I believe the problem is Squid receiving WCCP messages from
192.168.1.3 but gre packets from 192.168.254.3 (the highest ip on its
interfaces). Any ways around this? I thought of NAT but that would add
an extra overhead on the whole thing. Am I right in thinking that way
or is there something else.
Meanwhile, plan B: download Linux!
woon
On 9/25/06, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
On Mon, Sep 25, 2006, Wei Kian Woon wrote:
> Hi all,
>
> First of all, hello. I'm new to Squid, but learning fast (i hope!)
Welcome!
> I'm trying to implement transparent proxying using Squid 2.6 stable4
> on FreeBSD 6.1, while the WCCP router is a Cisco 5500 running
> 12.2(28a) IOS. I managed to get the router to acquire successfully the
> Squid cache. There's some problem with the GRE portion however. When I
> do a tcpdump on the BSD server it show that the router is forwarding a
> lot of GREv0 packets to the server which is good, but the BSD server
> is not responding to it. The thing I observed was that the router
> associates with the BSD server originally through WCCP using the
> (fake) ip address of 192.168.1.3 , but when it sends the GRE packets
> with a source ip of 192.168.254.3, which is the highest ip address in
> the router (thus the router identifier is 192.168.254.3). I created
> the gre0 tunnel on the BSD with the commands:
>
> ifconfig gre0 create
> ifconfig gre0 192.168.1.8 192.168.254.3 netmask 255.255.255.255 up
> (192.168.1.8 is the server ip)
> ifconfig gre0 tunnel 192.168.1.8 192.168.254.4
> route delete 192.168.254.4
>
> I added the device gre option into the kernel config, together with
> the options IPFIREWALL and IPFIREWALL_FORWARD (ipfw tested to work),
> and recompiled the kernel. Problem is that there's no reply from the
> BSD server to the gre packets from the router. How can I fix this?
> There doesnt seem to be a way to change the router identifier on the
> cisco router (bar renumbering the router ip addresses!). Anyone have
> any ideas?
I've managed to get Squid-2.6+WCCPv2 to work fine under Linux+iptables
but I've been completely unable to do it under FreeBSD+pf. I know
redirected requests are working fine, its just the GRE decapsulation
thats being weird. Just like you've noticed.
Its nice to know someone else is having the same problem.
Is anyone here successfully running WCCPv1 or WCCPv2 with FreeBSD 6.x?
Adrian
