Yanis Sauvé wrote:
> Hello everyone,
>
> PIX 525, os 7.2(4), WCCPv2. CentOS 5.4
> (2.6.18-164.6.1.el5.centos.plus).
>
> Configuration on PIX side seems to be valid, since I see a lot of
> traffic coming from the PIX on the cache-server in Wireshark when the
> redirection command is applied to the ingress interface.
>
> I was wondering what it should look like in Wireshark?

Should look like packets arriving on the main interface from the client
host.

Either Pre-NAT (outside the squid box):
  client -> web server
  squid -> web server
  web server -> squid
  squid -> client

Or post-NAT (inside the squid box):
  client -> squid
  squid -> web server
  web server -> squid
  squid -> client

NP: Squid connects to any IP of the web server independent of the one
the client was trying to connect.
Payload of the sub-stream squid-> server and back should be almost but
not identical to the one to the client.

> I do see my GRE tunnel interface but I see no traffic coming through
> it, it all comes over the eth0 (actually bond0) interface. Is this
> normal?

Yes. In Wireshark the gre interface is not visible. gre interface is
unwrapping packets then re-scheduling them through the OS routing stack
as if they arrived on the primary interface. In your case it sounds like
the main one is eth0/bond0.

The only way I know of identifying the exact handling interface is
logging from ebtables or watching the receiving interface counters grow.

> If I do requests directly to squid, everything works OK, just not
> when the PIX takes care of redirection.

If Squid is configured properly to intercept traffic you should be
seeing NAT errors logged by Squid on non-NAT traffic arriving on the
intercept port.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
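
Added example, not part of the original thread: one way to do the "watch the receiving interface counters grow" check mentioned above, by comparing two snapshots in Linux /proc/net/dev format. The interface name gre0 and all counter values are constructed sample data.

```shell
#!/bin/sh
# Added example: per-interface receive-packet deltas between two snapshots
# taken in /proc/net/dev format (Linux).

rx_delta() {
    # $1 = earlier snapshot file, $2 = later snapshot file
    awk '
        /\|/ { next }              # skip the two header lines
        { sub(/:/, " ") }          # "bond0:123" and "bond0: 123" both occur
        NR == FNR { before[$1] = $3; next }   # first file: store rx packets
        ($1 in before) { print $1, $3 - before[$1] }
    ' "$1" "$2"
}

grown_ifaces() {
    # Names of interfaces whose receive-packet counter increased.
    rx_delta "$1" "$2" | awk '$2 > 0 { print $1 }'
}

# Constructed sample snapshots (not captured from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/before" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   52000     400    0    0    0     0          0         0    52000     400    0    0    0     0       0          0
 bond0:98000000  120000    0    0    0     0          0         0 45000000   90000    0    0    0     0       0          0
  gre0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
EOF
cat > "$demo_dir/after" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   52000     400    0    0    0     0          0         0    52000     400    0    0    0     0       0          0
 bond0:99200000  121500    0    0    0     0          0         0 45900000   91100    0    0    0     0       0          0
  gre0:  980000    1400    0    0    0     0          0         0        0       0    0    0    0     0       0          0
EOF

rx_delta "$demo_dir/before" "$demo_dir/after"

# Live use on the cache box while redirected requests are being made:
#   cat /proc/net/dev > /tmp/a; sleep 10; cat /proc/net/dev > /tmp/b
#   rx_delta /tmp/a /tmp/b
```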