Hmm.. perhaps I should have just stuck with Linux instead of trying FreeBSD for this one. Can I know what version of Linux you managed to get it working on, Adrian?

I tried turning on the link2 flag for good measure:

    gre0: flags=f051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,LINK2,MULTICAST> mtu 1476
            tunnel inet 192.168.1.8 --> 192.168.254.2
            inet6 fe80::xxxx%gre0 prefixlen 64 scopeid 0x4
            inet 192.166.1.8 --> 192.168.254.2 netmask 0xffffffff

ipfw shows the packets are being forwarded to port 3128, which is the port squid is listening to:

    00048 16942 1400049 allow gre from any to any
    00049 1019 275497 allow tcp from 192.168.1.8 to any
    00050 16934 924921 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
    06000 2371 1041172 allow ip from any to any
    65535 4 437 deny ip from any to any

I believe the problem is Squid receiving WCCP messages from 192.168.1.3 but gre packets from 192.168.254.3 (the highest ip on its interfaces). Any ways around this? I thought of NAT but that would add an extra overhead on the whole thing. Am I right in thinking that way or is there something else?

Meanwhile, plan B: download Linux!

woon

On 9/25/06, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
On Mon, Sep 25, 2006, Wei Kian Woon wrote:
> Hi all,
>
> First of all, hello. I'm new to Squid, but learning fast (I hope!)

Welcome!

> I'm trying to implement transparent proxying using Squid 2.6 stable4
> on FreeBSD 6.1, while the WCCP router is a Cisco 5500 running
> 12.2(28a) IOS. I managed to get the router to acquire successfully the
> Squid cache. There's some problem with the GRE portion however. When I
> do a tcpdump on the BSD server it shows that the router is forwarding a
> lot of GREv0 packets to the server which is good, but the BSD server
> is not responding to it. The thing I observed was that the router
> associates with the BSD server originally through WCCP using the
> (fake) ip address of 192.168.1.3 , but when it sends the GRE packets
> with a source ip of 192.168.254.3, which is the highest ip address in
> the router (thus the router identifier is 192.168.254.3). I created
> the gre0 tunnel on the BSD with the commands:
>
> ifconfig gre0 create
> ifconfig gre0 192.168.1.8 192.168.254.3 netmask 255.255.255.255 up
> (192.168.1.8 is the server ip)
> ifconfig gre0 tunnel 192.168.1.8 192.168.254.4
> route delete 192.168.254.4
>
> I added the device gre option into the kernel config, together with
> the options IPFIREWALL and IPFIREWALL_FORWARD (ipfw tested to work),
> and recompiled the kernel. Problem is that there's no reply from the
> BSD server to the gre packets from the router. How can I fix this?
> There doesn't seem to be a way to change the router identifier on the
> cisco router (bar renumbering the router ip addresses!). Anyone have
> any ideas?

I've managed to get Squid-2.6+WCCPv2 to work fine under Linux+iptables but I've been completely unable to do it under FreeBSD+pf. I know redirected requests are working fine, it's just the GRE decapsulation that's being weird. Just like you've noticed.

It's nice to know someone else is having the same problem.

Is anyone here successfully running WCCPv1 or WCCPv2 with FreeBSD 6.x?

Adrian