Well actually it seems like we found the problem. We were testing 3 of
the 4 routers, and only 1 of those was having issues. By turning on the
options "no ip redirects" and "no ip proxy-arp" on the router's ethernet
interfaces, the problem went away. Also with that ipfw config, that's
just how it was specified online (and the other squid box has the same
config method).
Ryan Thoryk
Adrian Chadd wrote:
On Thu, Jan 24, 2008, Ryan Thoryk wrote:
I've got more information (on the FreeBSD side):
The packets are coming in over the GRE interface, but seem to be
randomly disappearing after the IPFW forward operation (forwards to
localhost:3128).
Here's the ipfw config:
00150 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via gre0 in
00250 fwd 127.0.0.1,3128 ip from any to any via gre0 in
Why are you doing that?
You don't need to redirect the ip at all. Well, in theory you -should-
be to handle ICMP messages, but I don't think that works at all atm
(and is an OS related issue.)
Just do:
add fwd 127.0.0.1,3128 tcp from any to any 80 in via gre0
add fwd 127.0.0.1,3128 tcp from any to any 80 in via gre1
add fwd 127.0.0.1,3128 tcp from any to any 80 in via gre2
.. etc
And see what that does.
I've got multiple WCCPv2 aware routers but i'm in the middle of getting
TPROXY stuff documented and so I can't easily change it all around
to support multiple routers with potential asymmetric traffic paths
for WCCPv2 (which is what you're trying to achieve.)
That requires quite a lot of time :/
Adrian
