Search squid archive

Re: CentOS/Squid/Tproxy but no transfer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Am 14.07.2009 um 06:25 schrieb Adrian Chadd:

2009/7/14 Amos Jeffries <squid3@xxxxxxxxxxxxx>:

Do you have an example of this particular (mis) configuration? The
note in the Wiki article isn't very clear.

I don't. The admin only mentioned that by adding a bypass on service group
fixed the issue.
I had a tcpdump of as set of requests showing pairs of seemingly identical
requests arriving from the router within 1sec of each other. On deep
inspection the slightly delayed one showed some minor alterations such as
Squid makes from the first.

Right. But what was the squid config, cisco config and network
topology for both the "doesn't work" and "works" setups?

If there is any way to make the wiki clearer without wholesale including of
per-IOS config setting go for it.

Well, it may  boil down to per-IOS config and per-platform, per-IOS
config. The problem is getting some more information to at least
document what is needed.

The behavior I saw was:

 enable wccpv2 + NAT intercept with wiki config
  ==> perfectly working, not a sign of any squid-sourced packets.

Right, probably because it was using one service group and the
half-duplex redirection needed for normal, non-tproxy interception was
being done.

swap NAT for tproxy4 with the wiki config (no change to WCCP or links)
  ==> loop trace showing squid outward packets coming IN from WCCP.

Yeah that won't work. :)

So I say "seems" and "appears" to be an automatic bypass in WCCP or router somewhere. No idea where. "may" need bypassing manually to fix tproxy.

Well, the automatic bypass should be "if the router sees packets from
an IP address or MAC of a registered device, it should be passing it
through." I have no idea whether it is doing this without explicit
"don't further redirect" rules (eg by deny entries in the redirect
list, or "wccp exclude in", etc) because that may absolutely be
platform, IOS and WCCPv2 negotiation type dependant.

So please, poke the admin in question to get as much information about
the configuration and setup of everything.



Adrian


If it's possible, the easier solution could be, to have the squid behind the same interface of the router with the clients.


Tom


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux