
WCCPv2 - L2 + 3550 cisco switch


 



Hi all,

Thanks to everyone who supports the great Squid! The Wiki and this
mailing list have been very useful to me, but this time I'm stuck and I
can't find any previous example to take off from, so I was
hoping you guys are feeling generous today and can give me a clue or
two... :)

I want to do transparent redirection using a 3550 cisco switch, but it
doesn't redirect any packet at all.

My setup is like this:

  - Squid2.6stable14 on Ubuntu server 7.04 and a switch which has an
up-to-date IP services IOS image.

  - The clients, the Squid, and the internet access are each on a
separate switch virtual interface (SVI).

  - Although they aren't directly connected, there are no firewalls or
any L3 hops between Squid and the switch.

The docs say I have to use L2 redirection instead of GRE, but the
switch doesn't even want to acknowledge the Squid-box (NOT usable, it
says) when my WCCP configuration is like this:

  wccp2_forwarding_method 2
  wccp2_return_method     2
  wccp2_assignment_method 2

And the cache.log file shows this:

  fatal error - A WCCP router has specified a different assignment method 1, expected 2

Changing the Assignment method to 1 didn't have any effect, so I
changed the Return method too, like this:

  wccp2_forwarding_method 2
  wccp2_return_method     1
  wccp2_assignment_method 1

After that, everything looked as if it were going to work:

  - No related errors inside "cache.log".

  - The switch reported the following:

        WCCP Client ID:          10.10.2.2
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             L2
        Packet Return:           GRE
        Assignment:              HASH
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                                 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:08:11
        Bypassed Packets
          Process:               0
          CEF:                   0

  - And even the GRE tunnel seems to be up:

    Proto  Recv-Q  Send-Q  Local Address   Foreign Address  State
    udp     0       0     10.10.2.2:2048   10.10.2.1:2048   ESTABLISHED


BUT the clients are still able to browse the internet directly, and the
access.log file shows no activity.
Mystery ~ ~ ~

If anyone has any clues, please send a message...

Thanks,
Horacio.


P.S. Other relevant configuration:

+ Switch related:

  ip wccp web-cache

  interface Vlan6
    description Clients
    ip wccp web-cache redirect in


+ Squid related:

  http_port 8081 transparent


+ Iptables rules:

  # for L2 redirection
  iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.10.2.2/32 -j ACCEPT
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8081

  # for GRE redirection*
  iptables -t nat -A PREROUTING -i gre0 -p tcp -j REDIRECT --to-ports 8081

  * -> I know, normally used from-router-2-squid way. In this case,
not used for forwarding, but may be needed for return method? help
here!


+ GRE tunnel ** (/etc/network/interfaces):

  auto  gre0
  iface gre0 inet static
  address 172.16.1.1
  netmask 255.255.255.252
  broadcast 172.16.1.3

  ** -> for GRE redirection to work, the IP address is not relevant,
found out at some place and proved with a router but not so sure in
this setup... help!

  # ip tunnel
  gre0: gre/ip  remote any  local any  ttl inherit  nopmtudis
