Re: WCCP + Squid with Cisco 2811. Not working

"Chris Abel" <cabel@xxxxxxxxxxxx> writes:
>Amos Jeffries <squid3@xxxxxxxxxxxxx> writes:
>>On Tue, 07 Sep 2010 13:59:05 -0400, "Chris Abel" <cabel@xxxxxxxxxxxx>
>>wrote:
>>> Hello Everyone!
>>> 
>>> I seem to be very close to getting this to work, but I'm running into some
>>> problems. First I'll explain my background story.
>>> 
>>> I need a transparent proxy and the proxy server will need to be able to
>>> view the client's IP address. I currently have a sonicwall router which
>>> forwards all web traffic to the proxy. This is transparent and it works,
>>> but it gives the sonicwall ip address as the client's ip address. I cannot
>>> see who went to what.
>>> 
>>> I was told WCCP will maintain the source ip address. I've been following
>>> this tutorial almost strictly word by word:
>>> http://www.digitalnerds.net/linux/transparent-squid-with-wccp/
>>
>>OMG! that tutorial is so broken I'm surprised their Squid even starts.
>>
>>> 
>>> The only thing I changed is that I am using wccpv2 instead of 1. When I
>>> enable wccp on the router I can no longer download web pages, but I can
>>> ping the web servers. On the router side I do see traffic going through as
>>> CEF when I do a "show ip wccp". On the linux server side I also see gre1
>>> encapsulation packets on the gre interface and I also get entries in my
>>> cache.log for squid, but I don't know what they mean:
>>
>>Please understand WCCP *only* routes packets going to port 80. ping and
>>any other testing which involves protocols and ports other than port 80
>>HTTP give false results.
>>
>><snip>
>>>   2010/09/03 14:47:08| WCCP Disabled.
>>
>>WCCPv1 is turned off...
>>
>>
>>>   2010/09/03 14:47:08| Accepting WCCPv2 messages on port 2048, FD 14.
>>
>>WCCPv2 is turned on...
>>
>>>   2010/09/03 14:47:08| Initialising all WCCPv2 lists
>>>   2010/09/03 14:47:08| Ready to serve requests.
>>>   2010/09/03 14:47:08| Done reading /var/spool/squid swaplog (3901 entries)
>>>   2010/09/03 14:47:08| Finished rebuilding storage from disk.
>>>   2010/09/03 14:47:08|      3901 Entries scanned
>>>   2010/09/03 14:47:08|         0 Invalid entries.
>>>   2010/09/03 14:47:08|         0 With invalid flags.
>>>   2010/09/03 14:47:08|      3901 Objects loaded.
>>>   2010/09/03 14:47:08|         0 Objects expired.
>>>   2010/09/03 14:47:08|         0 Objects cancelled.
>>>   2010/09/03 14:47:08|         0 Duplicate URLs purged.
>>>   2010/09/03 14:47:08|         0 Swapfile clashes avoided.
>>>   2010/09/03 14:47:08|   Took 0.4 seconds (11008.4 objects/sec).
>>>   2010/09/03 14:47:08| Beginning Validation Procedure
>>>   2010/09/03 14:47:08|   Completed Validation Procedure
>>>   2010/09/03 14:47:08|   Validated 3901 Entries
>>>   2010/09/03 14:47:08|   store_swap_size = 92096k
>>>   2010/09/03 14:47:08| storeLateRelease: released 0 objects
>>> 
>>> 
>>> I'm not sure where to go from here. It looks like everything's working, but
>>> it obviously is not. Is there anything else I can try? Any other ways to
>>> help me debug this?
>>> 
>>
>>First, check your configuration for Squid and its firewall match this
>>page:
>>http://wiki.squid-cache.org/Features/Wccp2#Squid_configuration_for_WCCP_version_2
>>
>>An alternative to WCCP is to do real routing, we have an example for a
>>2501 here:
>>http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
>>
>>
>>For the troubleshooting;
>> * There is no indication in the cache.log that the cisco or Squid are in
>>contact with each other. Check the cisco wccp information to see if it's got
>>any knowledge of Squid.
>> * check if requests are getting into Squid. access.log should have
>>records of every request attempt made, even failed ones.
>> * the 'usual' problem when this behaviour is seen is that packets going
>>from squid get looped back somewhere strange. They are supposed to get a
>>free pass out to the Internet. Whether or not they go back to the cisco to
>>do so is optional.
>>
>>
>>Squid by default will hold off sending its HERE_I_AM message to the cisco
>>until the cache has been fully loaded and Squid is actually ready for
>>service. If you have a large cache (GB) wccp2_rebuild_wait can make it not
>>wait, but you will see degraded service until the cache is available.
>>
>>
>>Amos
>
>
>I have used the squid wiki on wccp word for word and I am still having
>trouble. I'm getting a different kind of problem though. Instead of the
>webservers timing out, I get an immediate 404 response. I can see that the
>router is sending the wccp packets from "show ip wccp":
>Global WCCP information:
>    Router information:
>	Router Identifier:                   192.168.0.22
>	Protocol Version:                    2.0
>
>    Service Identifier: web-cache
>	Number of Service Group Clients:     1
>	Number of Service Group Routers:     1
>	Total Packets s/w Redirected:        254
>	  Process:                           2
>	  Fast:                              0
>	  CEF:                               252
>	Redirect access-list:                -none-
>	Total Packets Denied Redirect:       0
>	Total Packets Unassigned:            112
>	Group access-list:                   -none-
>	Total Messages Denied to Group:      0
>	Total Authentication failures:       0
>	Total Bypassed Packets Received:     0
>
>
>I also see that my squid server is getting activity on the gre tunnel
>using "tcpdump -ni wccp0":
>
>12:17:32.446759 IP 10.131.5.215.49859 > 173.194.10.167.80: . ack
>2241056207 win 65535 <nop,nop,timestamp 497582527 3217260831,nop,nop,sack
>1 {1449:7241}>
>12:17:32.448952 IP 10.131.4.24.63323 > 194.47.250.18.80: . ack 2006719259
>win 65535 <nop,nop,timestamp 903097936 64231447,nop,nop,sack 1
>{1449:4345}>
>
>BUT I do not see any activity in my squid logs. I did a tail -f * in the
>directory my squid logs are in and I did not receive anything.
>
>Could I try anything else?
>
>Thanks in advance!
>Chris



Please let me know if you need any more information. It seems as if I am
very very close now and it is just very frustrating that I cannot get wccp
or routing to work.

-Chris

___________________________
Chris Abel
Systems and Network Administrator
Wildwood Programs 
2995 Curry Road Extension
Schenectady, NY  12303
518-836-2341
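
The checklist from the quoted reply, applied to the observations reported in this message, as an added example that is not part of the original posts or of Squid. `parse_counters` and `triage` are hypothetical helper names, and the sample text is constructed from a subset of the "show ip wccp" counters quoted above.

```python
import re

# Constructed sample: a subset of the counters quoted in the message above.
SHOW_IP_WCCP = """\
Global WCCP information:
    Router information:
        Router Identifier:                   192.168.0.22
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        254
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            112
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
"""

def parse_counters(text):
    """Return {label: int} for every 'Label:   <integer>' line."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?):\s+(\d+)\s*$", line)
        if m:  # skips non-integer values such as the router IP or "2.0"
            counters[m.group(1)] = int(m.group(2))
    return counters

def triage(counters, gre_packets_seen, access_log_entries):
    """Walk the checks from the reply in order; return a list of findings."""
    findings = []
    if counters.get("Number of Service Group Clients", 0) == 0:
        findings.append("router knows no cache: Squid and router not in contact")
    if counters.get("Total Authentication failures", 0) > 0:
        findings.append("router reports WCCP authentication failures")
    if counters.get("Total Packets s/w Redirected", 0) == 0:
        findings.append("router is not redirecting any packets")
    if counters.get("Total Packets Unassigned", 0) > 0:
        findings.append("router could not assign some packets to a cache")
    if gre_packets_seen > 0 and access_log_entries == 0:
        findings.append("packets reach the GRE interface but not Squid: "
                        "compare host firewall and intercept rules with the wiki")
    return findings

if __name__ == "__main__":
    # 2 packets seen in the quoted tcpdump, 0 entries in the Squid logs.
    for finding in triage(parse_counters(SHOW_IP_WCCP), 2, 0):
        print("-", finding)
```
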


