Yes, I did it in my ipfw rules. I also created 2 gre interfaces for testing reasons, because the router identifier and the squid gateway are not the same. I can also see packets between the router and the server through the gre protocol, but the squid server always shows:

TCP_DENIED/400 1816 GET error:invalid-request - NONE/- text/html

I also have FreeBSD 6.2-RELEASE installed and I use wccp v1. In my router ACL I deny my national traffic and permit any to any in my last sentence.

00048 0 0 deny tcp from any to x.x.142.199 dst-port 3128
00049 0 0 allow gre from x.x.0.129 to x.x.142.199
00050 37687 20281343 allow tcp from x.x.142.199 to any out
00051 233 11168 allow tcp from any 80 to any out
00052 152 10796 allow gre from x.x.142.193 to x.x.142.199
00052 0 0 allow gre from x.x.142.199 to x.x.142.193
00054 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in recv gre1
00054 152 6968 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in recv gre0
00055 253 17177 allow udp from x.x.142.199 to any dst-port 53
00056 0 0 allow tcp from x.x.142.199 to any dst-port 53
00057 13322 17236149 allow tcp from any 80 to x.x.142.199 in
00067 8420 745002 allow tcp from any to any established
00068 16 932 allow ip from any to any via lo0
00071 549 44800 allow ip from x.x.142.199 to x.x.142.192/28
00072 809 102132 allow ip from x.x.142.192/28 to x.x.142.199
00081 0 0 allow ip from x.x.0.129 to x.x.142.199
00082 26 2080 allow ip from x.x.142.199 to x.x.0.129

My gre-tunnels creation:

ifconfig gre0 create
ifconfig gre0 x.x.142.199 x.x.142.193 netmask 255.255.255.255 up
ifconfig gre0 tunnel x.x.142.199 x.x.142.193
route delete x.x.142.193

ifconfig gre1 create
ifconfig gre1 x.x.142.199 x.x.0.129 netmask 255.255.255.255 up
ifconfig gre1 tunnel x.x.142.199 x.x.0.129
route delete x.x.0.129

Thanks in advance

Humberto

-----Original Message-----
From: Tom Penndorf [mailto:tpenndorf@xxxxxxxxxxxxxxxxx]
Sent: Thursday, July 09, 2009 1:19 PM
To: Humberto Rodríguez
CC: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Problems with WCCP

Hello,

On 09.07.2009 at 19:06, Humberto Rodríguez wrote:

>
> Hello:
>
> I have SQUID 2.6.STABLE3 with wccp and a Cisco 3745 router with IOS
> Version 12.3(8)T8. I can see packets between the router and the
> squid server, I can browse Internet through 3128 port, but I can't
> browse Internet through wccp protocol.
> The router always shows me the following:
>
> Global WCCP information:
> Router information:
> Router Identifier: x.x.x.129
> Protocol Version: 1.0
>
> Service Identifier: web-cache
> Number of Cache Engines: 1
> Number of routers: 1
> Total Packets Redirected: 4696
> Redirect access-list: cache
> Total Packets Denied Redirect: 53336
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> 3745-HLG#sh ip wccp web-cache de
> 3745-HLG#sh ip wccp web-cache detail
> WCCP Cache-Engine information:
> Web Cache ID: 0.0.0.0
> Protocol Version: 0.4
> State: Usable
> Initial Hash Info: 00000000000000000000000000000000
> 00000000000000000000000000000000
> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> Hash Allotment: 256 (100.00%)
> Packets Redirected: 0
> Connect Time: 00:11:01
>
> 3745-HLG#sh ip wccp web-cache view
> WCCP Routers Informed of:
> -none-
>
> WCCP Cache Engines Visible:
> x.x.x.199
>
> WCCP Cache Engines NOT Visible:
> -none-
>

Did you set up a gre-tunnel between Router and Caching-Machine? Is the port 80 forwarded to 3128?
Set it up on the squid machine as described in this article:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2

I think the router setup is ok, but also see this article:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv12Wccp

Tom