Amos Jeffries <squid3@xxxxxxxxxxxxx> writes:

>On Tue, 07 Sep 2010 13:59:05 -0400, "Chris Abel" <cabel@xxxxxxxxxxxx>
>wrote:
>> Hello Everyone!
>>
>> I seem to be very close to getting this to work, but I'm running into some
>> problems. First I'll explain my background story.
>>
>> I need a transparent proxy and the proxy server will need to be able to
>> view the client's IP address. I currently have a sonicwall router which
>> forwards all web traffic to the proxy. This is transparent and it works,
>> but it gives the sonicwall ip address as the client's ip address. I cannot
>> see who went to what.
>>
>> I was told WCCP will maintain the source ip address. I've been following
>> this tutorial almost strictly word by word:
>> http://www.digitalnerds.net/linux/transparent-squid-with-wccp/
>
>OMG! that tutorial is so broken I'm surprised their Squid even starts.
>
>>
>> The only thing I changed is that I am using wccpv2 instead of 1. When I
>> enable wccp on the router I can no longer download web pages, but I can
>> ping the web servers. On the router side I do see traffic going through as
>> CEF when I do a "show ip wccp". On the linux server side I also see gre1
>> encapsulation packets on the gre interface and I also get entries in my
>> cache.log for squid, but I don't know what they mean:
>
>Please understand WCCP *only* routes packets going to port 80. ping and
>any other testing which involves protocols and ports other than port 80
>HTTP give false results.
>
><snip>
>> 2010/09/03 14:47:08| WCCP Disabled.
>
>WCCPv1 is turned off...
>
>> 2010/09/03 14:47:08| Accepting WCCPv2 messages on port 2048, FD 14.
>
>WCCPv2 is turned on...
>
>> 2010/09/03 14:47:08| Initialising all WCCPv2 lists
>> 2010/09/03 14:47:08| Ready to serve requests.
>> 2010/09/03 14:47:08| Done reading /var/spool/squid swaplog (3901 entries)
>> 2010/09/03 14:47:08| Finished rebuilding storage from disk.
>> 2010/09/03 14:47:08| 3901 Entries scanned
>> 2010/09/03 14:47:08| 0 Invalid entries.
>> 2010/09/03 14:47:08| 0 With invalid flags.
>> 2010/09/03 14:47:08| 3901 Objects loaded.
>> 2010/09/03 14:47:08| 0 Objects expired.
>> 2010/09/03 14:47:08| 0 Objects cancelled.
>> 2010/09/03 14:47:08| 0 Duplicate URLs purged.
>> 2010/09/03 14:47:08| 0 Swapfile clashes avoided.
>> 2010/09/03 14:47:08| Took 0.4 seconds (11008.4 objects/sec).
>> 2010/09/03 14:47:08| Beginning Validation Procedure
>> 2010/09/03 14:47:08| Completed Validation Procedure
>> 2010/09/03 14:47:08| Validated 3901 Entries
>> 2010/09/03 14:47:08| store_swap_size = 92096k
>> 2010/09/03 14:47:08| storeLateRelease: released 0 objects
>>
>>
>> I'm not sure where to go from here. It looks like everything's working, but
>> it obviously is not. Is there anything else I can try? Any other ways to
>> help me debug this?
>>
>
>First, check your configuration for Squid and its firewall match this
>page:
>http://wiki.squid-cache.org/Features/Wccp2#Squid_configuration_for_WCCP_version_2
>
>An alternative to WCCP is to do real routing, we have an example for a
>2501 here:
>http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
>
>
>For the troubleshooting;
> * There is no indication in the cache.log that the cisco or Squid are in
>contact with each other. Check the cisco wccp information to see if it's got
>any knowledge of Squid.
> * check if requests are getting into Squid. access.log should have
>records of every request attempt made, even failed ones.
> * the 'usual' problem when this behaviour is seen is that packets going
>from squid get looped back somewhere strange. They are supposed to get a
>free pass out to the Internet. Whether or not they go back to the cisco to
>do so is optional.
>
>
>Squid by default will hold off sending its HERE_I_AM message to the cisco
>until the cache has been fully loaded and Squid is actually ready for
>service. If you have a large cache (GB) wccp2_rebuild_wait can make it not
>wait, but you will see degraded service until the cache is available.
>
>
>Amos

I have used the squid wiki on wccp word for word and I am still having
trouble. I'm getting a different kind of problem though. Instead of the
webservers timing out, I get an immediate 404 response. I can see that the
router is sending the wccp packets from "show ip wccp":

Global WCCP information:
    Router information:
        Router Identifier:                   192.168.0.22
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        254
          Process:                           2
          Fast:                              0
          CEF:                               252
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            112
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

I also see that my squid server is getting activity on the gre tunnel using
"tcpdump -ni wccp0":

12:17:32.446759 IP 10.131.5.215.49859 > 173.194.10.167.80: . ack 2241056207 win 65535 <nop,nop,timestamp 497582527 3217260831,nop,nop,sack 1 {1449:7241}>
12:17:32.448952 IP 10.131.4.24.63323 > 194.47.250.18.80: . ack 2006719259 win 65535 <nop,nop,timestamp 903097936 64231447,nop,nop,sack 1 {1449:4345}>

BUT I do not see any activity in my squid logs. I did a tail -f * in the
directory my squid logs are in and I did not receive anything. Could I try
anything else?

Thanks in advance!
Chris

___________________________
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY 12303
518-836-2341
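
Added example, not part of the original message and not Squid project code: with packets visible on wccp0 in tcpdump and nothing in Squid's logs, the stretch left to check is the Linux host between the GRE interface and Squid's listening port. The script below checks two settings on that stretch, the NAT redirect rule and reverse-path filtering. Intercept port 3129, the iptables-save input format and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Checks two host-side settings that
# decide whether packets seen on the GRE interface ever reach Squid.
# Assumptions: intercept port 3129; rules supplied in iptables-save format.
WCCP_IF="${WCCP_IF:-wccp0}"        # interface name from the thread's tcpdump
SQUID_PORT="${SQUID_PORT:-3129}"   # assumed intercept http_port

# Succeeds if stdin (iptables-save text) has a nat PREROUTING rule that
# redirects TCP port 80 arriving on $WCCP_IF to $SQUID_PORT.
has_redirect_rule() {
    awk -v ifc="$WCCP_IF" -v port="$SQUID_PORT" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
            l = " " $0 " "
            if (index(l, " -i " ifc " ") && index(l, " --dport 80 ") &&
                index(l, " -j REDIRECT ") && index(l, " --to-ports " port " "))
                found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Linux applies max(conf/all, conf/<if>) for rp_filter. Strict mode (1) drops
# redirected packets, because the route back to the client is not the tunnel.
rp_filter_blocks() {   # usage: rp_filter_blocks <all_value> <if_value>
    eff=$1
    [ "$2" -gt "$eff" ] && eff=$2
    [ "$eff" -eq 1 ]
}

# Prints one line per finding; return status is the number of problems.
diagnose() {           # usage: diagnose <rules_file> <rp_all> <rp_if>
    problems=0
    if ! has_redirect_rule < "$1"; then
        echo "no nat REDIRECT of tcp/80 on $WCCP_IF to port $SQUID_PORT"
        problems=$((problems + 1))
    fi
    if rp_filter_blocks "$2" "$3"; then
        echo "rp_filter is strict on $WCCP_IF: kernel drops the packets"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# On a live host (needs root):
#   iptables-save > /tmp/rules
#   diagnose /tmp/rules "$(cat /proc/sys/net/ipv4/conf/all/rp_filter)" \
#                       "$(cat /proc/sys/net/ipv4/conf/$WCCP_IF/rp_filter)"
```

tcpdump captures packets before the kernel's reverse-path check and before netfilter, so traffic can show up on wccp0 and still never be delivered to Squid.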