Humberto Rodríguez wrote:
Yes, I did it in my ipfw rules. I also created 2 gre interfaces for testing
reasons, because the router identifier and the squid gateway are not the
same. I also can see packets between the router and the server through gre
protocol, but the squid server always shows TCP_DENIED/400 1816 GET
error:invalid-request - NONE/- text/html.
Did you remember to set the transparent or intercept option on http_port?
And what do the request headers look like that Squid is complaining
about?
Amos
I also have installed FreeBSD 6.2-RELEASE and I use wccp v1.
In my router ACL I deny my national traffic and permit any to any in my last
sentence.
00048 0 0 deny tcp from any to x.x.142.199 dst-port 3128
00049 0 0 allow gre from x.x.0.129 to x.x.142.199
00050 37687 20281343 allow tcp from x.x.142.199 to any out
00051 233 11168 allow tcp from any 80 to any out
00052 152 10796 allow gre from x.x.142.193 to x.x.142.199
00052 0 0 allow gre from x.x.142.199 to x.x.142.193
00054 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in recv gre1
00054 152 6968 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in recv gre0
00055 253 17177 allow udp from x.x.142.199 to any dst-port 53
00056 0 0 allow tcp from x.x.142.199 to any dst-port 53
00057 13322 17236149 allow tcp from any 80 to x.x.142.199 in
00067 8420 745002 allow tcp from any to any established
00068 16 932 allow ip from any to any via lo0
00071 549 44800 allow ip from x.x.142.199 to x.x.142.192/28
00072 809 102132 allow ip from x.x.142.192/28 to x.x.142.199
00081 0 0 allow ip from x.x.0.129 to x.x.142.199
00082 26 2080 allow ip from x.x.142.199 to x.x.0.129
My gre-tunnels creation:
ifconfig gre0 create
ifconfig gre0 x.x.142.199 x.x.142.193 netmask 255.255.255.255 up
ifconfig gre0 tunnel x.x.142.199 x.x.142.193
route delete x.x.142.193
ifconfig gre1 create
ifconfig gre1 x.x.142.199 x.x.0.129 netmask 255.255.255.255 up
ifconfig gre1 tunnel x.x.142.199 x.x.0.129
route delete x.x.0.129
Thanks in advance
Humberto
-----Original Message-----
From: Tom Penndorf [mailto:tpenndorf@xxxxxxxxxxxxxxxxx]
Sent: Thursday, July 09, 2009 1:19 PM
To: Humberto Rodríguez
CC: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Problems with WCCP
Hello,
On 09.07.2009 at 19:06, Humberto Rodríguez wrote:
Hello:
I have SQUID 2.6.STABLE3 with wccp and a Cisco 3745 router with IOS
Version 12.3(8)T8. I can see packets between the router and the
squid server, I can browse Internet through 3128 port, but I can't
browse Internet through wccp protocol.
The router always shows me the following:
Global WCCP information:
Router information:
Router Identifier: x.x.x.129
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 4696
Redirect access-list: cache
Total Packets Denied Redirect: 53336
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
3745-HLG#sh ip wccp web-cache de
3745-HLG#sh ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 0.0.0.0
Protocol Version: 0.4
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 0
Connect Time: 00:11:01
3745-HLG#sh ip wccp web-cache view
WCCP Routers Informed of:
-none-
WCCP Cache Engines Visible:
x.x.x.199
WCCP Cache Engines NOT Visible:
-none-
Did you set up a gre-tunnel between Router and Caching-Machine? Is the port
80 forwarded to 3128?
Set it up on the squid machine like described in this article:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
I think the router setup is ok, but also see this article:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv12Wccp
Tom
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
Current Beta Squid 3.1.0.9
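
Added example, not part of the thread and not code from the Squid project: a Python script that counts, per client, the access.log entries matching the TCP_DENIED/400 error:invalid-request line reported above. Squid logs that entry when it cannot parse the request, which is what happens when redirected requests reach an http_port that lacks the transparent option Amos asks about. It assumes Squid's native access.log format; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)\s*$"
)

def parse(line):
    """Return the log fields as a dict, or None if the line is not native format."""
    m = LINE.match(line)
    return m.groupdict() if m else None

def is_invalid_request(entry):
    """Match the entry quoted in the thread: rejected with 400, no URL parsed,
    never forwarded to an origin server or peer."""
    return (entry["code"] == "TCP_DENIED" and entry["status"] == "400"
            and entry["url"] == "error:invalid-request"
            and entry["hier"] == "NONE")

def summarize(lines):
    """Count parsed entries and invalid-request rejections per client address."""
    per_client = Counter()
    total = invalid = 0
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue  # skip lines that are not in native format
        total += 1
        if is_invalid_request(entry):
            invalid += 1
            per_client[entry["client"]] += 1
    return {"total": total, "invalid": invalid, "clients": dict(per_client)}

# Constructed sample lines (documentation address ranges, not from the thread).
SAMPLE = [
    "1247159940.123      2 192.0.2.10 TCP_DENIED/400 1816 GET error:invalid-request - NONE/- text/html",
    "1247159941.456    310 192.0.2.11 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/198.51.100.7 text/html",
    "1247159942.789      1 192.0.2.10 TCP_DENIED/400 1816 GET error:invalid-request - NONE/- text/html",
    "1247159943.000      1 192.0.2.12 TCP_DENIED/403 1400 GET http://example.org/ - NONE/- text/html",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("%(invalid)d of %(total)d requests rejected as invalid" % report)
    for client, count in sorted(report["clients"].items()):
        print("  %s: %d" % (client, count))
```

If every request that arrives through the GRE tunnel shows up in this count while requests sent directly to port 3128 do not, the redirection path works and the rejection happens in Squid's request parsing.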