On Tue, 07 Sep 2010 13:59:05 -0400, "Chris Abel" <cabel@xxxxxxxxxxxx> wrote: > Hello Everyone! > > I seem to be very close to getting this to work, but I'm running into some > problems. First I'll explain my background story. > > I need a transparent proxy and the proxy server will need to be able to > view the client's IP address. I currently have a sonicwall router which > forwards all web traffic to the proxy. This is transparent and it works, > but it gives the sonicwall ip address as the client's ip address. I cannot > see who went to what. > > I was told WCCP will maintain the source ip address. I've been following > this tutorial almost strictly word by word: > http://www.digitalnerds.net/linux/transparent-squid-with-wccp/ OMG! that tutorial is so broken I'm surprised their Squid even starts. > > The only thing I changed is that I am using wccpv2 instead of 1. When I > enable wccp on the router I can no longer download web pages, but I can > ping the web servers. On the router side I do see traffic going through as > CEF when I do a "show ip wccp". On the linux server side I also see gre1 > encapsulation packets on the gre interface and I also get entrys in my > cache.log for squid, but I don't know what they mean: Please understand WCCP *only* routes packets going to port 80. ping and any other testing which involves protocols and ports other than port 80 HTTP give false results. <snip> > 50. > 2010/09/03 14:47:08| WCCP Disabled. WCCPv1 is turned off... > 51. > 2010/09/03 14:47:08| Accepting WCCPv2 messages on port 2048, FD 14. WCCPv2 is turned on... > 52. > 2010/09/03 14:47:08| Initialising all WCCPv2 lists > 53. > 2010/09/03 14:47:08| Ready to serve requests. > 54. > 2010/09/03 14:47:08| Done reading /var/spool/squid swaplog (3901 > entries) > 55. > 2010/09/03 14:47:08| Finished rebuilding storage from disk. > 56. > 2010/09/03 14:47:08| 3901 Entries scanned > 57. > 2010/09/03 14:47:08| 0 Invalid entries. > 58. > 2010/09/03 14:47:08| 0 With invalid flags. > 59. > 2010/09/03 14:47:08| 3901 Objects loaded. > 60. > 2010/09/03 14:47:08| 0 Objects expired. > 61. > 2010/09/03 14:47:08| 0 Objects cancelled. > 62. > 2010/09/03 14:47:08| 0 Duplicate URLs purged. > 63. > 2010/09/03 14:47:08| 0 Swapfile clashes avoided. > 64. > 2010/09/03 14:47:08| Took 0.4 seconds (11008.4 objects/sec). > 65. > 2010/09/03 14:47:08| Beginning Validation Procedure > 66. > 2010/09/03 14:47:08| Completed Validation Procedure > 67. > 2010/09/03 14:47:08| Validated 3901 Entries > 68. > 2010/09/03 14:47:08| store_swap_size = 92096k > 69. > 2010/09/03 14:47:08| storeLateRelease: released 0 objects > > > I'm not sure where to go from here. It looks like everythings working, but > it obviously is not. Is there anything else I can try? Any other ways to > help me debug this? > First, check your configuration for Squid and its firewall match this page: http://wiki.squid-cache.org/Features/Wccp2#Squid_configuration_for_WCCP_version_2 An alternative to WCCP is to do real routing, we have an example for a 2501 here: http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute For the troubleshooting; * There is no indication in the cache.log that the cisco or Squid are in contact with each other. Check the cisco wccp information to see if its got any knowledge of Squid. * check if requests are getting into Squid. access.log should have records of every request attempt made, even failed ones. * the 'usual' problem when this behaviour is seen is that packets going from squid get looped back somewhere strange. They are supposed to get a free pass out to the Internet. Whether or not they go back to the cisco to do so is optional. Squid by default will hold off sending its HERE_I_AM message to the cisco until the cache has been fully loaded and Squid is actually ready for service. If you have a large cache (GB) wccp2_rebuild_wait can make it not wait, but you will see degraded service until the cache is available. Amos