Ubuntu server 10.04 with 2.6.37, 8 gb of ram, libcap2 2.20-1, iptables
1.4.10, squid 1.3.10. The machine is in the dmz, but will be proxying local
traffic. We're trying to use wccp to tunnel traffic. According to diagnostic
tests on our firewall, the tunnel is up and working.
Firewall policy grabs traffic from the client based on IP address, and
forces it to our proxy through the wccp tunnel.
However, we're having a few issues. The client can't browse.
The following error crops up after about a minute of launching squid, and
repeats every 10 sec:
Unknown record type in WCCPv2 Packet (6)
The results of: sudo iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 16 packets, 2936 bytes)
pkts bytes target prot opt in out source
destination
0 0 REDIRECT tcp -- wccp0 any anywhere anywhere
tcp redir ports 3129
Chain INPUT (policy ACCEPT 16 packets, 2936 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 4 packets, 459 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 4 packets, 459 bytes)
pkts bytes target prot opt in out source
destination
The results of: sudo iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 435 packets, 160K bytes)
pkts bytes target prot opt in out source
destination
2664 202K DIVERT tcp -- any any anywhere anywhere
socket
79 3792 TPROXY tcp -- any any anywhere anywhere
tcp dpt:www TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
Chain INPUT (policy ACCEPT 3099 packets, 362K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 2356 packets, 647K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 2356 packets, 647K bytes)
pkts bytes target prot opt in out source
destination
Chain DIVERT (1 references)
pkts bytes target prot opt in out source
destination
2664 202K MARK all -- any any anywhere anywhere
MARK set 0x1
2664 202K ACCEPT all -- any any anywhere anywhere
Results of ifconfig show:
eth0 Link encap:Ethernet HWaddr x
inet addr:208.x.x.x Bcast:208.x.x.x Mask:255.255.255.224
inet6 addr: x Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3417 errors:0 dropped:0 overruns:0 frame:0
TX packets:2613 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:431614 (431.6 KB) TX bytes:699823 (699.8 KB)
Interrupt:18 Memory:d8020000-d8040000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:88 (88.0 B) TX bytes:88 (88.0 B)
wccp0 Link encap:UNSPEC HWaddr
D0-48-47-70-30-30-30-30-00-00-00-00-00-00-00-00
inet addr:208.x.x.x P-t-P:208x.x.x Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:79 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3792 (3.7 KB) TX bytes:0 (0.0 B)
Does anyone have any ideas about where to go next?
Thanks.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Client-timing-out-when-using-squid-as-tproxy-tp3243429p3332444.html
Sent from the Squid - Users mailing list archive at Nabble.com.
