Stufish wrote:
Hi,
I have the following simple network set up on the bench:
Squid box
x.x.11.90/30
|
|
7206
Internet x.x.61.62/30 ----------- Router ------------ Client PC x.x.11.94/30
In the router wccp service group 99 redirects HTTP requests to squid and
service group 96 redirects the HTTP replies from the internet to squid.
I have the service groups set up in squid and the router verifies this by
displaying a service group client for both 96 and 99.
My problem is that only service group 96 (replies from the internet) is
performing any redirection. I think the gre tunnel is correctly set up as
when I perform a TCP dump at the squid box, I can see the HTTP replys from
the internet being passed to the squid box in a gre tunnel.
Below is the WCCP stats from the router:
show ip wccp
Global WCCP information:
Router information:
Router Identifier: x.x.61.93
Protocol Version: 2.0
Service Identifier: 96
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 326
Process: 0
Fast: 0
CEF: 326
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 99
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
Fast: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Also below is the router config:
Building configuration...
Current configuration : 1200 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip wccp check services all
ip wccp 96
ip wccp 99
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
description traffic from user network to internet
ip address x.x.61.93 255.255.255.252
ip wccp 99 redirect in
load-interval 30
duplex full
speed 100
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/2
description Squid
ip address x.x.61.89 255.255.255.252
load-interval 30
duplex full
speed 100
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3
description traffic from internet to user network
ip address x.x.61.61 255.255.255.252
ip wccp 96 redirect in
duplex full
speed 100
media-type rj45
no negotiation auto
!
interface ATM1/0
no ip address
shutdown
no atm ilmi-keepalive
!
ip route 0.0.0.0 0.0.0.0 x.x.60.1
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
!
!
end
Could anyone suggest some reasons why only the the HTTP reply traffic from
the internet (service group 96) is being redirected?
Regards,
Stuart
Hint: Any idea why there is reply traffic going to a machine which has
no reason to make said requests in the first place?
I think your clients are contacting Squid directly.
It _is_ preferable that client software contacts the proxy directly as a
proxy and uses it that way.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
Current Beta Squid 3.1.0.14
