Search squid archive

Re: WCCP / no return traffic on gre interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

tor 2007-05-10 klockan 13:10 -0400 skrev Chad Harrelson:

> Can you think of anything else?

Check your firewall rules on the Squid server. The message suggests that
the "I_SEE_YOU" messages isn't reaching your Squid.

> Like I said, this work with protocol
> 1.  Also, the only other strange config I have is that my GRE
> interface is a real routable IP (150.125.125.187/29).  Most of the
> documents I see say to use the same IP as eth0 but with a 32 bit mask.
>  When I do this I get the protocol 47 ICMP unreachable error in
> tcpdump.

Below is assuming you are using Linux. Think you said you are, but not
sure...

GRE has two sets of addresses.

a) The tunnel endpoint addresses (local & remote). These MUST match the
traffic sent by the router. Also known as link addresses. Use tcpdump on
the ethernet interface if you are unsure how the router encapsulates the
traffic.

b) Local interface address. Doesn't really matter what it's set to, but
should be set to an IP address usable on your network.

And the interface must be UP.

It's hard to see all of these using the obsolete ifconfig command, but
if you use the modern ip command then everything is shown nicely.

ip addr show wccp0

5: wccp0@eth0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue 
    link/gre 1.2.3.4 peer 5.6.7.8
    inet 10.20.30.40/32 scope global wccp0


The device @eth0 must be the physical device where the GRE packets is
being received.

The link/gre line must match the addresses used by the router on the
intercepted traffic.  1.2.3.4 is the router IP (source), 5.6.7.8 is the
server IP (destination).

The inet line should list an IP which is usable on your network and
identifying the server. But it's not very important here as no traffic
is going out via this GRE tunnel. For simplicity I recommend using the
same IP as the ethernet inteface matching the local GRE endpoint.

As no traffic should be routed out this WCCP GRE interface I recommend
using a /32 address. The only practical difference is that if you use a
full network then you automatically get a route for that network via the
GRE interface..


Regards
Henrik

Attachment: signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux