
Re: WCCP / no return traffic on gre interface

Hi Henrik,

I caught this thread as I was fighting the same issue, and this dialogue got me much farther, but not quite there, so I have a question if you do not mind.

I have a Cisco 1841 doing wccpv2 with an ACL that, for now, traps only my wifi laptop's web traffic on the DSL egress BVI1 interface. Squid is a Gentoo Linux box on a 10.0.0.20/24 address, off FastEthernet0/0.1. My Wifi Station is 10.0.2.10/24 off FastEthernet0/0.5.

Squid is listening on port 3128 transparent, iptables REDIRECT from 80 to 3128. The wccp0 gre tunnel is up and shows traffic received from the router.

Squid works great as I have firefox manually using 10.0.0.20 port 80 as a proxy, so my iptables redirect is doing its job, and Squid is happy as a proxy.

When I run IE7 on the same laptop with no proxy, I see my router catch it and send the request to my proxy. The eth0/wccp0 port has it come in (tshark -i wccp0 shows the web request, tshark -i eth0 -R ip proto gre shows the gre traffic of the same).

But Squid in debug mode shows no hit to the proxy server process.

I suspect that the WCCPv2 is working, but the traffic is not making it to Squid from the end of the GRE tunnel.

Debug from router:

WCCP-PKT:S00: Received valid Here_I_Am packet from 10.0.0.20 w/rcv_id 00000B48
WCCP-PKT:S00: Sending I_See_You packet to 10.0.0.20 w/ rcv_id 00000B49
WCCP-PKT:S00: Received valid Here_I_Am packet from 10.0.0.20 w/rcv_id 00000B49
WCCP-PKT:S00: Sending I_See_You packet to 10.0.0.20 w/ rcv_id 00000B4A

Debug ip packet (permit gre any any)

IP: s=222.222.222.222 (FastEthernet0/0.5), d=10.0.0.20 (FastEthernet0/0.1), IP: g=10.0.0.20, len 80, forward, proto=47
IP: s=222.222.222.222 (FastEthernet0/0.5), d=10.0.0.20 (FastEthernet0/0.1), IP: g=10.0.0.20, len 80, forward, proto=47

My router has a loopback of 222.222.222.222 so I would know it easily in tunnel config. The real outside IP it was using was 209.162.205.230 on BVI1 and that is where the "ip wccp web-cache redirect out" command lives.

A sniff on my proxy server, as I have IE7 do a google search:

goonie ~ # tshark -R gre
Capturing on eth0
8.212647 mater.nickellson.com -> po-in-f147.google.com TCP 2087 > http [SYN] Seq=0 Len=0 MSS=1260 WS=0
11.218921 mater.nickellson.com -> po-in-f147.google.com TCP 2087 > http [SYN] Seq=0 Len=0 MSS=1260 WS=0
17.255232 mater.nickellson.com -> po-in-f147.google.com TCP 2087 > http [SYN] Seq=0 Len=0 MSS=1260 WS=0

This is how I am surmising WCCPv2 is OK, as I get the GRE redirect.

Squid cache.log under debug:

2007/05/19 15:31:37| wccp2HereIam: sending to service id 0
2007/05/19 15:31:37| Sending HereIam packet size 144
2007/05/19 15:31:37| Incoming WCCPv2 I_SEE_YOU length 132.
2007/05/19 15:31:37| Complete packet received
2007/05/19 15:31:37| Incoming WCCP2_I_SEE_YOU Received ID old=3039 new=3040.
2007/05/19 15:31:37| Cleaning out cache list
2007/05/19 15:31:37| checking cache list: (1400000a:1400000a)
2007/05/19 15:31:37| Change not detected (5 = 5)

I think I have followed the bunny trail pretty far here and I would love some advice on how to debug this further. How can I see between the redirect packet landing on eth0 from the wccp0 tunnel to why iptables never gets it to squid?

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  anywhere             10.0.2.0/24
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128
ACCEPT     0    --  anywhere             10.0.0.0/24
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128

ip addr show wccp0
4: wccp0@eth0: <POINTOPOINT,NOARP,UP,10000> mtu 1476 qdisc noqueue
     link/gre 10.0.0.20 peer 222.222.222.222
     inet 10.0.0.20/32 scope global wccp0

Nick



--
Nick Ellson
Dad
CCDA, CCNP, CCSP, CCAI,
MCSE 2000, Security+, Network+
Network Hobbyist, VFR Private Pilot.
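A small evaluator for the nat PREROUTING chain quoted in the post, added here as an example and not part of the original message: it re-types the four listed rules as constructed sample input and walks them in order for a given packet, reporting which rule fires. The laptop's SYN seen on wccp0 is modelled as source 10.0.2.10, tcp/80, with 203.0.113.10 as a constructed stand-in for the web server.

```python
import ipaddress

# The nat PREROUTING chain from the post, re-typed as constructed sample input
# (same rules, same order, in `iptables -t nat -L` layout).
NAT_PREROUTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  anywhere             10.0.2.0/24
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128
ACCEPT     0    --  anywhere             10.0.0.0/24
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128
"""

SERVICE_PORTS = {"http": 80}  # -L prints service names; map the one used here

def parse_chain(text):
    """Parse `iptables -t nat -L <chain>` output into (policy, ordered rule dicts)."""
    lines = text.strip().splitlines()
    policy = lines[0].split("(policy ")[1].rstrip(")")
    rules = []
    for line in lines[2:]:  # skip the chain header and the column header
        f = line.split()
        rule = {"target": f[0], "proto": f[1], "src": f[3], "dst": f[4],
                "dport": None, "redir": None}
        if "dpt:" in line:  # --dport match, printed as a service name or a number
            port = line.split("dpt:")[1].split()[0]
            rule["dport"] = int(port) if port.isdigit() else SERVICE_PORTS[port]
        if "redir ports" in line:  # REDIRECT --to-ports
            rule["redir"] = int(line.split("redir ports")[1].split()[0])
        rules.append(rule)
    return policy, rules

def _net_match(spec, ip):
    """'anywhere' matches everything; otherwise test membership in the printed CIDR/host."""
    return spec == "anywhere" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def walk_prerouting(text, src, dst, proto, dport):
    """Return (rule_number, target, redirect_port) of the first match, or (None, policy, None)."""
    policy, rules = parse_chain(text)
    for n, r in enumerate(rules, 1):
        if r["proto"] not in ("0", "all", proto):  # "0" is how older -L prints "all"
            continue
        if not (_net_match(r["src"], src) and _net_match(r["dst"], dst)):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return n, r["target"], r["redir"]
    return None, policy, None
```

For the laptop's SYN the walk returns rule 2 (REDIRECT to 3128), so the listed rule order would redirect it; the next thing to compare is whether the per-rule packet counters from `iptables -t nat -L PREROUTING -v -n` move at all when the decapsulated packets arrive on wccp0.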

