Re: Squid - WCCP and ASA


On Tue, 16 Jun 2009 16:49:56 -0700, Parvinder Bhasin
<parvinder.bhasin@xxxxxxxxx> wrote:
> I have a setup of Squid, which was compiled with the --enable-delay-pools
> option. It works really well, but without WCCP.
> I enabled WCCP support in the Squid config and also enabled WCCP
> support on my ASA. I set up the GRE tunnel etc.
> For my testing purposes I am only having ONE client IP go through
> WCCP. The problem is I am able to see that client on the GRE1
> interface (the requests) of the proxy server, but that client is not
> getting any reply back. Do I need anything in iptables to
> allow it, etc.? Do I need to compile with some transparent support? If
> so, which one would I use for ASA?
> 
> Any help is highly appreciated.
> 
> 
> Here is part of my config:
> 
> http_port 3128 transparent
> 
> wccp2_router 192.168.100.250
> wccp_version 4
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_service standard 0
> 
> Additionally, here is what I did to set up the tunnel:
> 
> modprobe ip_gre
> iptunnel add gre1 mode gre remote $ASA_IP local $LOCAL_IP dev eth0
> ifconfig gre1 inet 127.0.0.2 netmask 255.255.255.0 up
> 

IIRC localhost IDs 127.0.0.0/8 are hardware-limited to only be usable for
traffic internal to the box.
If WCCP is going on a tunnel it will likely need an externally visible IP
for the router to send to.

> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
> echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/gre1/rp_filter
> 
> iptables -t nat -A PREROUTING -i gre1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
> 
> I do see the RX counter going up but not the TX on gre1:
> 
> gre1      Link encap:UNSPEC  HWaddr C0-A8-64-CF-B7-BF-C8-C2-00-00-00-00-00-00-00-00
>            inet addr:127.0.0.2  P-t-P:127.0.0.2  Mask:255.255.255.0
>            UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
>            RX packets:1559 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:83432 (81.4 KiB)  TX bytes:0 (0.0 b)
> 
> Here is tcpdump output:
> 
> [root@squidnclamav etc]# tcpdump -i gre1 host 192.168.100.175 and port not ssh
> tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to cooked socket
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on gre1, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
> 14:13:37.615862 IP 192.168.100.175.52257 > cf-in-f99.google.com.http: S 3689381709:3689381709(0) win 65535 <mss 1460,sackOK,eol>
> 14:13:45.524999 IP 192.168.100.175.52256 > bs2.ads.vip.sp1.yahoo.com.http: S 2516726129:2516726129(0) win 65535 <mss 1460,sackOK,eol>
> 14:13:45.525001 IP 192.168.100.175.52255 > bs2.ads.vip.sp1.yahoo.com.http: S 878462413:878462413(0) win 65535 <mss 1460,sackOK,eol>
> 14:13:45.525002 IP 192.168.100.175.52254 > bs2.ads.vip.sp1.yahoo.com.http: S 1528706489:1528706489(0) win 65535 <mss 1460,sackOK,eol>
> 14:13:45.525003 IP 192.168.100.175.52253 > bs2.ads.vip.sp1.yahoo.com.http: S 1578413587:1578413587(0) win 65535 <mss 1460,sackOK,eol>
> 14:13:47.427509 IP 192.168.100.175.52252 > mc2b.mail.vip.re1.yahoo.com.http: S 3796070861:3796070861(0) win 65535 <mss 1460,sackOK,eol>
> 14:13:47.886251 IP 192.168.100.175.52259 > f1.www.vip.sp1.yahoo.com.http: S 1111547104:1111547104(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 322113293 0,sackOK,eol>
> 14:13:48.127001 IP 192.168.100.175.52260 > hp-core.ebay.com.http: S 357937093:357937093(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 322113295 0,sackOK,eol>
> 14:13:48.829652 IP 192.168.100.175.52259 > f1.www.vip.sp1.yahoo.com.http: S 1111547104:1111547104(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 322113302 0,sackOK,eol>
> 14:13:49.029600 IP 192.168.100.175.52260 > hp-core.ebay.com.http: S 357937093:357937093(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 322113304 0,sackOK,eol>
> 14:13:49.820922 IP 192.168.100.175.52259 > f1.www.vip.sp1.yahoo.com.http: S 1111547104:1111547104(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 322113312 0,sackOK,eol>
> 14:13:50.030914 IP 192.168.100.175.52260 > hp-core.ebay.com.http: S 357937093:357937093(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 322113314 0,sackOK,eol>
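
The three observations in this thread (a tunnel address inside 127.0.0.0/8, RX counters rising with TX at zero, and the same SYN repeating in the capture) can be checked mechanically. The script below is an added example, not part of the original message or of Squid. Its function names and sample input are constructed for illustration, and it assumes the older `ifconfig` and `tcpdump` output formats quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. All sample input below is constructed,
# modelled on the ifconfig and tcpdump output quoted in the message.
IFCONFIG_SAMPLE='gre1      Link encap:UNSPEC
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Mask:255.255.255.0
          RX packets:1559 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0'
TCPDUMP_SAMPLE='14:13:37.615862 IP 192.168.100.175.52257 > a.example.com.http: S 3689381709:3689381709(0) win 65535
14:13:47.886251 IP 192.168.100.175.52259 > b.example.com.http: S 1111547104:1111547104(0) win 65535
14:13:48.127001 IP 192.168.100.175.52260 > c.example.com.http: S 357937093:357937093(0) win 65535
14:13:48.829652 IP 192.168.100.175.52259 > b.example.com.http: S 1111547104:1111547104(0) win 65535
14:13:49.029600 IP 192.168.100.175.52260 > c.example.com.http: S 357937093:357937093(0) win 65535'

# Print "loopback" if the first inet address lies in 127.0.0.0/8,
# "ok" if it does not, "none" if no address line is present.
tunnel_addr_check() {
    printf '%s\n' "$1" | awk '
        /inet addr:/ {
            split($2, a, ":"); split(a[2], o, ".")
            if (o[1] + 0 == 127) print "loopback"; else print "ok"
            found = 1; exit
        }
        END { if (!found) print "none" }'
}

# Print "rx-only" when packets were received but none transmitted.
rx_tx_check() {
    printf '%s\n' "$1" | awk '
        /RX packets:/ { split($2, r, ":"); rx = r[2] + 0 }
        /TX packets:/ { split($2, t, ":"); tx = t[2] + 0 }
        END { if (rx > 0 && tx == 0) print "rx-only"; else print "ok" }'
}

# Count flows whose SYN (same source, destination and sequence number)
# appears more than once, i.e. the client retransmitted it unanswered.
syn_retransmit_flows() {
    printf '%s\n' "$1" | awk '
        $2 == "IP" && $6 == "S" { seen[$3 " " $5 " " $7]++ }
        END { n = 0; for (k in seen) if (seen[k] > 1) n++; print n }'
}

echo "tunnel address:      $(tunnel_addr_check "$IFCONFIG_SAMPLE")"
echo "interface counters:  $(rx_tx_check "$IFCONFIG_SAMPLE")"
echo "retransmitted SYNs:  $(syn_retransmit_flows "$TCPDUMP_SAMPLE") flow(s)"
```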
