Hey Eliezer,
Thanks for the pointer...
SELinux is disabled. No problem on this side.
Cisco sees it:
cata6#sh ip wccp web-cache view
WCCP Routers Informed of:
192.168.201.165
WCCP Cache Engines Visible:
194.214.158.207
194.214.158.189 <-----------
WCCP Cache Engines NOT Visible:
-none-
My doubt, at this moment, is about the gre interface. You explicitly defined it and created a tunnel for it:
iptunnel add wccp0 mode gre remote $CISCOIPID local $LOCALIP dev eth1
ifconfig wccp0 127.0.1.1/32 up
Is this necessary? This doesn't appear in the doc by Amos Jeffries.
Regards
On 02/19/2014 03:47 PM, Eliezer Croitoru wrote:
Hey,
I did not read the whole setup so sorry but I have written this article:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
in the past which is very likely to help you to understand.
First disable SELINUX, then make sure with tcpdump at what level the issue is.
Hope it Helps,
Eliezer
On 02/19/2014 02:31 PM, Jose-Marcio Martins wrote:
Hello,
I've configured a transparent proxy as TProxy4
(http://wiki.squid-cache.org/Features/Tproxy4).
But I don't see anything in squid access log.
* OS = Linux Fedora 20.
* Cache log says at start-up :
....
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
2014/02/19 12:23:53 kid1| Initialising all WCCPv2 lists
2014/02/19 12:23:53 kid1| HTCP Disabled.
2014/02/19 12:23:53 kid1| Squid plugin modules loaded: 0
2014/02/19 12:23:53 kid1| Adaptation support is off.
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:8080 remote=[::] FD 12 flags=9
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=9
2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25
...
********************************
* The router is connected to the wccp port :
udp 0 0 194.214.158.189:2048 194.214.158.165:2048 ESTABLISHED
********************************
* iptables seems OK
# iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
#
********************************
* kernel routing seems OK :
# ip -s -f inet rule
0: from all lookup local
32764: from all fwmark 0x1 lookup 100
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default
# ip -s -f inet route
default via 194.214.158.165 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
194.214.158.0/24 dev eth0 proto kernel scope link src 194.214.158.189
#
********************************
* squid.conf :
wccp2_router 194.214.158.165
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service standard 0
I shall change wccp2_service to dynamic after, but for start-up, it
should work, I guess.
********************************
* On the router (switch/router) we have this :
ip wccp web-cache redirect-list 120
interface Vlan16
description Vlan Users
ip address a.b.c.d v.w.x.y
no ip redirects
ip wccp web-cache redirect in
access-list 120 remark le proxy SQUID bypasse la redirection
access-list 120 deny ip host 194.214.158.207 any
access-list 120 permit tcp 192.168.16.0 0.0.0.255 any eq www
access-list 120 deny ip any any
*********************************
What more shall I look at? Is there something wrong? Any hint?
Thanks for your help.
--
Sent from my typewriter.
---------------------------------------------------------------
Spam : Classement statistique de messages électroniques -
Une approche pragmatique
At Amazon.fr: http://amzn.to/LEscRu or http://bit.ly/SpamJM
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ http://www.j-chkmail.org
Ecole des Mines de Paris http://bit.ly/SpamJM
60, bd Saint Michel 75272 - PARIS CEDEX 06
mailto:Jose-Marcio.Martins@xxxxxxxxxxxxxxxxxx