Search squid archive

RE: Problems with WCCP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes, I did it in my ipfw rules. I also created 2 gre interfaces for testing
reasons,  because the router identifier and the squid gateway are not the
same.I also can see packets between the router and the server through gre
protocol, but the squid server always show TCP_DENIED/400 1816 GET
error:invalid-request - NONE/- text/html.
I also have installed FreeBSD 6.2-RELEASE and I use wccp v1. 
In my router ACL I deny my national traffic and permit any to any in my last
sentence.

00048     0        0 deny tcp from any to x.x.142.199 dst-port 3128
00049     0        0 allow gre from x.x.0.129 to x.x.142.199
00050 37687 20281343 allow tcp from x.x.142.199 to any out
00051   233    11168 allow tcp from any 80 to any out
00052   152    10796 allow gre from x.x.142.193 to x.x.142.199
00052     0        0 allow gre from x.x.142.199 to x.x.142.193
00054     0        0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in
recv gre1
00054   152     6968 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in
recv gre0
00055   253    17177 allow udp from x.x.142.199 to any dst-port 53
00056     0        0 allow tcp from x.x.142.199 to any dst-port 53
00057 13322 17236149 allow tcp from any 80 to x.x.142.199 in
00067  8420   745002 allow tcp from any to any established
00068    16      932 allow ip from any to any via lo0
00071   549    44800 allow ip from x.x.142.199 to x.x.142.192/28
00072   809   102132 allow ip from x.x.142.192/28 to x.x.142.199
00081     0        0 allow ip from x.x.0.129 to x.x.142.199
00082    26     2080 allow ip from x.x.142.199 to x.x.0.129

My gre-tunnels creation:

ifconfig gre0 create
ifconfig gre0 x.x.142.199 x.x.142.193 netmask 255.255.255.255 up
ifconfig gre0 tunnel x.x.142.199 x.x.142.193
route delete x.x.142.193

ifconfig gre1 create
ifconfig gre1 x.x.142.199 x.x.0.129 netmask 255.255.255.255 up
ifconfig gre1 tunnel x.x.142.199 x.x.0.129
route delete x.x.0.129

Thanks In advance
Humberto

-----Mensaje original-----
De: Tom Penndorf [mailto:tpenndorf@xxxxxxxxxxxxxxxxx] 
Enviado el: Thursday, July 09, 2009 1:19 PM
Para: Humberto Rodríguez
CC: squid-users@xxxxxxxxxxxxxxx
Asunto: Re:  Problems with WCCP 

Hello,


Am 09.07.2009 um 19:06 schrieb Humberto Rodríguez:

>
> Hello:
>
> I have SQUID 2.6.STABLE3 with wccp and a Cisco 3745 router with IOS 
> Version 12.3(8)T8. I can see packets between the router and the the 
> squid server, I can browse Internet through 3128 port, but I can't 
> browse Internet through wccp protocol.
> The router always show me what following:
>
> Global WCCP information:
>    Router information:
>        Router Identifier:                   x.x.x.129
>        Protocol Version:                    1.0
>
>    Service Identifier: web-cache
>        Number of Cache Engines:             1
>        Number of routers:                   1
>        Total Packets Redirected:            4696
>        Redirect access-list:                cache
>        Total Packets Denied Redirect:       53336
>        Total Packets Unassigned:            0
>        Group access-list:                   -none-
>        Total Messages Denied to Group:      0
>        Total Authentication failures:       0
> 3745-HLG#sh ip wccp web-cache de
> 3745-HLG#sh ip wccp web-cache detail
> WCCP Cache-Engine information:
>        Web Cache ID:          0.0.0.0
>        Protocol Version:      0.4
>        State:                 Usable
>        Initial Hash Info:     00000000000000000000000000000000
>                               00000000000000000000000000000000
>        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>        Hash Allotment:        256 (100.00%)
>        Packets Redirected:    0
>        Connect Time:          00:11:01
>
> 3745-HLG#sh ip wccp web-cache view
>    WCCP Routers Informed of:
>        -none-
>
>    WCCP Cache Engines Visible:
>        x.x.x.199
>
>    WCCP Cache Engines NOT Visible:
>        -none-
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus 
> signature database 4228 (20090709) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>


did you setup an gre-tunnel between Router and Caching-Machine? Is the port
80 forwarded to 3128?

Set it up on the squid machine like described in this article:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2

I think the router setup is ok, but also see this article:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv12Wccp

Tom

  
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4229 (20090709) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux