Thank you so much. I forgot transparent option on http_port, I have another old versions of squid running from long ago and it is not needed that options. -----Mensaje original----- De: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Enviado el: Friday, July 10, 2009 10:02 AM Para: Humberto Rodríguez CC: 'Tom Penndorf'; squid-users@xxxxxxxxxxxxxxx Asunto: Re: Problems with WCCP Humberto Rodríguez wrote: > Yes, I did it in my ipfw rules. I also created 2 gre interfaces for > testing reasons, because the router identifier and the squid gateway > are not the same.I also can see packets between the router and the > server through gre protocol, but the squid server always show > TCP_DENIED/400 1816 GET error:invalid-request - NONE/- text/html. Did you remember to set the transparent or intercept option on http_port? And what does this request headers look like that Squid is complaining about? Amos > I also have installed FreeBSD 6.2-RELEASE and I use wccp v1. > In my router ACL I deny my national traffic and permit any to any in my last > sentence. > > 00048 0 0 deny tcp from any to x.x.142.199 dst-port 3128 > 00049 0 0 allow gre from x.x.0.129 to x.x.142.199 > 00050 37687 20281343 allow tcp from x.x.142.199 to any out > 00051 233 11168 allow tcp from any 80 to any out > 00052 152 10796 allow gre from x.x.142.193 to x.x.142.199 > 00052 0 0 allow gre from x.x.142.199 to x.x.142.193 > 00054 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in > recv gre1 > 00054 152 6968 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in > recv gre0 > 00055 253 17177 allow udp from x.x.142.199 to any dst-port 53 > 00056 0 0 allow tcp from x.x.142.199 to any dst-port 53 > 00057 13322 17236149 allow tcp from any 80 to x.x.142.199 in > 00067 8420 745002 allow tcp from any to any established > 00068 16 932 allow ip from any to any via lo0 > 00071 549 44800 allow ip from x.x.142.199 to x.x.142.192/28 > 00072 809 102132 allow ip from x.x.142.192/28 to x.x.142.199 > 00081 0 0 allow ip from x.x.0.129 to x.x.142.199 > 00082 26 2080 allow ip from x.x.142.199 to x.x.0.129 > > My gre-tunnels creation: > > ifconfig gre0 create > ifconfig gre0 x.x.142.199 x.x.142.193 netmask 255.255.255.255 up > ifconfig gre0 tunnel x.x.142.199 x.x.142.193 > route delete x.x.142.193 > > ifconfig gre1 create > ifconfig gre1 x.x.142.199 x.x.0.129 netmask 255.255.255.255 up > ifconfig gre1 tunnel x.x.142.199 x.x.0.129 > route delete x.x.0.129 > > Thanks In advance > Humberto > > -----Mensaje original----- > De: Tom Penndorf [mailto:tpenndorf@xxxxxxxxxxxxxxxxx] > Enviado el: Thursday, July 09, 2009 1:19 PM > Para: Humberto Rodríguez > CC: squid-users@xxxxxxxxxxxxxxx > Asunto: Re: Problems with WCCP > > Hello, > > > Am 09.07.2009 um 19:06 schrieb Humberto Rodríguez: > >> Hello: >> >> I have SQUID 2.6.STABLE3 with wccp and a Cisco 3745 router with IOS >> Version 12.3(8)T8. I can see packets between the router and the the >> squid server, I can browse Internet through 3128 port, but I can't >> browse Internet through wccp protocol. >> The router always show me what following: >> >> Global WCCP information: >> Router information: >> Router Identifier: x.x.x.129 >> Protocol Version: 1.0 >> >> Service Identifier: web-cache >> Number of Cache Engines: 1 >> Number of routers: 1 >> Total Packets Redirected: 4696 >> Redirect access-list: cache >> Total Packets Denied Redirect: 53336 >> Total Packets Unassigned: 0 >> Group access-list: -none- >> Total Messages Denied to Group: 0 >> Total Authentication failures: 0 >> 3745-HLG#sh ip wccp web-cache de >> 3745-HLG#sh ip wccp web-cache detail >> WCCP Cache-Engine information: >> Web Cache ID: 0.0.0.0 >> Protocol Version: 0.4 >> State: Usable >> Initial Hash Info: 00000000000000000000000000000000 >> 00000000000000000000000000000000 >> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> Hash Allotment: 256 (100.00%) >> Packets Redirected: 0 >> Connect Time: 00:11:01 >> >> 3745-HLG#sh ip wccp web-cache view >> WCCP Routers Informed of: >> -none- >> >> WCCP Cache Engines Visible: >> x.x.x.199 >> >> WCCP Cache Engines NOT Visible: >> -none- >> >> >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 4228 (20090709) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> > > > did you setup an gre-tunnel between Router and Caching-Machine? Is the port > 80 forwarded to 3128? > > Set it up on the squid machine like described in this article: > http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2 > > I think the router setup is ok, but also see this article: > http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv12Wccp > > Tom > > > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4229 (20090709) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 Current Beta Squid 3.1.0.9 __________ Information from ESET NOD32 Antivirus, version of virus signature database 4229 (20090709) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
