Ramzi Abdallah wrote:
I am trying with no luck to setup squid Version 3.0.STABLE10 (Fedora core 9)
with wccp2. The configuration seems to be ok at least this is what the debug
logs are showing however squid does not receive any traffic. I tested squid
by pointing the browser to its IP and it works fine.
GRE tunnel and iptables configuration:
--------------------------------------
ip tunnel add wccp0 mode gre remote 192.168.114.250 local 192.168.114.15 dev
eth0
ip addr add 192.168.114.15/32 dev wccp0
ip link set wccp0 up
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT
--to-port 3128
for some reason iptables -L is not showing anything
iptables by default shows "-t filter"
try: iptables -t nat -L
squid configuration:
-------------------
http_port 192.168.114.15:3128 transparent
wccp2_router 192.168.114.250
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
GRE tunnel on the squid server
-------------------------------
wccp0 Link encap:UNSPEC HWaddr
C0-A8-72-0F-62-00-F4-3F-00-00-00-00-00-00-00-00
inet addr:192.168.114.15 P-t-P:192.168.114.15
Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:898 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36632 (35.7 KiB) TX bytes:0 (0.0 b)
tcpdump output
--------------
[root@mail ~]# tcpdump -i wccp0
tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to
cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wccp0, link-type LINUX_SLL (Linux cooked), capture size 96
bytes
12:55:08.548572 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:11.528111 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:17.530878 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,nop,sackOK>
12:55:29.537282 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:32.530428 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:38.535350 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,nop,sackOK>
12:55:50.547796 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:53.558196 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:59.580059 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,nop,sackOK>
12:56:11.576625 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:56:14.587049 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
Cisco Router configuration
--------------------------
gatekeeper#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE
SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Wed 15-Mar-06 14:16 by dchih
Image text-base: 0x80008098, data-base: 0x81A0888C
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE
(fc3)
gatekeeper uptime is 10 hours, 43 minutes
System returned to ROM by reload at 02:43:47 GMT Sun Feb 8 2009
System restarted at 02:46:30 GMT Sun Feb 8 2009
System image file is "flash:c2600-ik9o3s3-mz.123-18.bin"
interface FastEthernet0/0
description Office LAN
ip address 192.168.114.250 255.255.255.0
ip wccp web-cache redirect in
ip nat inside
ip nbar protocol-discovery
ip route-cache flow
duplex auto
speed auto
gatekeeper#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.114.250
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 30
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
----
gatekeeper#sh ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 192.168.114.15
Protocol Version: 2.0
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 30
Connect Time: 04:21:48
Router wccp debug
.Feb 7 21:11:09.541: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000377
.Feb 7 21:11:19.550: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000377
.Feb 7 21:11:19.550: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000378
.Feb 7 21:11:29.558: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000378
.Feb 7 21:11:29.558: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000379
.Feb 7 21:11:39.567: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000379
Does the squid cache.log show anything similar?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.5
