Re: Squid and WCCP with Centos

On Tue, 19 Apr 2011 11:35:18 -0700 (PDT), Daniel Shelton wrote:
Hello anyone,

I am trying to get squid 3.1 to work with Centos 5.5 and Cisco ASA
using WCCP.

The ASA has the cache session established.  I see traffic on the
Centos box on eth0 (gre traffic) and I see traffic on the gre1
interface (raw client traffic).

Take a look at the following:

[root@squidbox ~]#iptables -t nat -L -v

bytes target     prot opt in     out     source               destination
  741 41532 DNAT       tcp  --  gre1   any     anywhere             anywhere            tcp dpt:http to:0.0.0.0:3129

One thing that always troubles me. The failure reports always seem to mention an interface. Yet the wiki examples written by people with working configs do not mention one.

Your rule appears to be matching packets, so I assume it's okay. Just something to be aware of.

With GRE you have to be extremely careful where the OS thinks the packet is coming from. It seems to vary between kernel implementations and versions whether the gre or eth NIC is the one seen during NAT.



Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   20  1952 MASQUERADE  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 20 packets, 1952 bytes)
pkts bytes target     prot opt in     out     source
destination


[root@squidbox ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:13:72:FA:45:EB
inet addr:172.23.1.2 Bcast:172.23.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:675 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1467426 (1.3 MiB)  TX bytes:95311 (93.0 KiB)
          Interrupt:169 Memory:f8000000-f8012800

gre1      Link encap:UNSPEC  HWaddr AC-17-01-02-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:1.2.3.4  P-t-P:1.2.3.4  Mask:0.0.0.0
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:5884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:326353 (318.7 KiB)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1701 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2704276 (2.5 MiB)  TX bytes:2704276 (2.5 MiB)

[root@squidbox ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@squidbox ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter
0
[root@squidbox ~]# cat /proc/sys/net/ipv4/conf/eth0/rp_filter
0
[root@squidbox ~]# cat /proc/sys/net/ipv4/conf/gre1/rp_filter
0


The problem I have is that the Squid Proxy does not ever seem to
receive the traffic forwarded to it by iptables.  The proxy is
listening on 0.0.0.0:3129, but a debug results in "Engine is idle".

What is the exact message displayed by Squid about that port during startup or reconfigure?

Amos
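
The checks discussed in this thread (which interface the NAT rule actually matches on, and the per-interface rp_filter values), as an added example that is not part of the original messages. The function names and the sample listing are constructed for illustration, and the parser assumes the column layout printed by `iptables -t nat -L PREROUTING -v -n -x`.

```shell
#!/bin/sh
# Added example: WCCP/GRE interception checks for a Squid box.

# Sum the packet counters of nat rules that hand traffic to proxy port $1,
# grouped by the input interface the kernel matched on.
# Reads `iptables -t nat -L PREROUTING -v -n -x` output on stdin.
nat_hits_by_iface() {
    awk -v port="$1" '
        BEGIN { pat = "(to:[0-9.]*:|redir ports )" port "[ \t]*$" }
        ($3 == "DNAT" || $3 == "REDIRECT") && $0 ~ pat { hits[$6] += $1 }
        END { for (i in hits) print i, hits[i] }
    ' | sort
}

# Print each interface under sysctl root $1 whose rp_filter is not 0.
# A missing entry is reported too, since it cannot be confirmed as 0.
rp_filter_not_zero() {
    root=$1; shift
    for ifc in "$@"; do
        v=$(cat "$root/conf/$ifc/rp_filter" 2>/dev/null || echo missing)
        [ "$v" = "0" ] || echo "$ifc"
    done
}

# Constructed sample listing (not captured from the poster's machine):
# one rule bound to gre1 that matches, one bound to eth0 that never does.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     741    41532 DNAT       tcp  --  gre1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:0.0.0.0:3129
       0        0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3129
EOF
}

# Live use (as root):
#   iptables -t nat -L PREROUTING -v -n -x | nat_hits_by_iface 3129
#   rp_filter_not_zero /proc/sys/net/ipv4 all eth0 gre1
if [ "${1:-}" = "--demo" ]; then
    sample_listing | nat_hits_by_iface 3129
fi
```

An interface that shows a zero count while the other one increments is the one the kernel does not see during NAT on that system.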

