Re: Problems with WCCP

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Humberto Rodríguez wrote:
> Yes, I did it in my ipfw rules. I also created 2 gre interfaces for testing
> reasons,  because the router identifier and the squid gateway are not the
> same.I also can see packets between the router and the server through gre
> protocol, but the squid server always show TCP_DENIED/400 1816 GET
> error:invalid-request - NONE/- text/html.

Did you remember to set the transparent or intercept option on http_port?

And what does this request headers look like that Squid is complaining 
about?


Amos

> I also have installed FreeBSD 6.2-RELEASE and I use wccp v1. 
> In my router ACL I deny my national traffic and permit any to any in my last
> sentence.
>
> 00048     0        0 deny tcp from any to x.x.142.199 dst-port 3128
> 00049     0        0 allow gre from x.x.0.129 to x.x.142.199
> 00050 37687 20281343 allow tcp from x.x.142.199 to any out
> 00051   233    11168 allow tcp from any 80 to any out
> 00052   152    10796 allow gre from x.x.142.193 to x.x.142.199
> 00052     0        0 allow gre from x.x.142.199 to x.x.142.193
> 00054     0        0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in
> recv gre1
> 00054   152     6968 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in
> recv gre0
> 00055   253    17177 allow udp from x.x.142.199 to any dst-port 53
> 00056     0        0 allow tcp from x.x.142.199 to any dst-port 53
> 00057 13322 17236149 allow tcp from any 80 to x.x.142.199 in
> 00067  8420   745002 allow tcp from any to any established
> 00068    16      932 allow ip from any to any via lo0
> 00071   549    44800 allow ip from x.x.142.199 to x.x.142.192/28
> 00072   809   102132 allow ip from x.x.142.192/28 to x.x.142.199
> 00081     0        0 allow ip from x.x.0.129 to x.x.142.199
> 00082    26     2080 allow ip from x.x.142.199 to x.x.0.129
>
> My gre-tunnels creation:
>
> ifconfig gre0 create
> ifconfig gre0 x.x.142.199 x.x.142.193 netmask 255.255.255.255 up
> ifconfig gre0 tunnel x.x.142.199 x.x.142.193
> route delete x.x.142.193
>
> ifconfig gre1 create
> ifconfig gre1 x.x.142.199 x.x.0.129 netmask 255.255.255.255 up
> ifconfig gre1 tunnel x.x.142.199 x.x.0.129
> route delete x.x.0.129
>
> Thanks In advance
> Humberto
>
> -----Mensaje original-----
> De: Tom Penndorf [mailto:tpenndorf@xxxxxxxxxxxxxxxxx] 
> Enviado el: Thursday, July 09, 2009 1:19 PM
> Para: Humberto Rodríguez
> CC: squid-users@xxxxxxxxxxxxxxx
> Asunto: Re:  Problems with WCCP 
>
> Hello,
>
>
> Am 09.07.2009 um 19:06 schrieb Humberto Rodríguez:
>
> > Hello:
> >
> > I have SQUID 2.6.STABLE3 with wccp and a Cisco 3745 router with IOS 
> > Version 12.3(8)T8. I can see packets between the router and the the 
> > squid server, I can browse Internet through 3128 port, but I can't 
> > browse Internet through wccp protocol.
> > The router always show me what following:
> >
> > Global WCCP information:
> >    Router information:
> >        Router Identifier:                   x.x.x.129
> >        Protocol Version:                    1.0
> >
> >    Service Identifier: web-cache
> >        Number of Cache Engines:             1
> >        Number of routers:                   1
> >        Total Packets Redirected:            4696
> >        Redirect access-list:                cache
> >        Total Packets Denied Redirect:       53336
> >        Total Packets Unassigned:            0
> >        Group access-list:                   -none-
> >        Total Messages Denied to Group:      0
> >        Total Authentication failures:       0
> > 3745-HLG#sh ip wccp web-cache de
> > 3745-HLG#sh ip wccp web-cache detail
> > WCCP Cache-Engine information:
> >        Web Cache ID:          0.0.0.0
> >        Protocol Version:      0.4
> >        State:                 Usable
> >        Initial Hash Info:     00000000000000000000000000000000
> >                               00000000000000000000000000000000
> >        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >        Hash Allotment:        256 (100.00%)
> >        Packets Redirected:    0
> >        Connect Time:          00:11:01
> >
> > 3745-HLG#sh ip wccp web-cache view
> >    WCCP Routers Informed of:
> >        -none-
> >
> >    WCCP Cache Engines Visible:
> >        x.x.x.199
> >
> >    WCCP Cache Engines NOT Visible:
> >        -none-
> >
> >
> >
> >
> > __________ Information from ESET NOD32 Antivirus, version of virus 
> > signature database 4228 (20090709) __________
> >
> > The message was checked by ESET NOD32 Antivirus.
> >
> > http://www.eset.com
>
>
> did you setup an gre-tunnel between Router and Caching-Machine? Is the port
> 80 forwarded to 3128?
>
> Set it up on the squid machine like described in this article:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
>
> I think the router setup is ok, but also see this article:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv12Wccp
>
> Tom
>
>   
>   
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 4229 (20090709) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com


--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.9