WCCP v1 + Squid 2.5S9 + kernel 2.6.5 problem

From: Muthukumar <kmuthu_gct@dont-contact.us>
Date: Thu, 24 Mar 2005 09:47:57 +0530

Dear Dev Team,

I have a problem configuring WCCP v1 + Squid 2.5S9 + kernel 2.6.5. The following are our configuration and settings. The Squid
machine and the router are communicating with WCCP packets, as I get UDP 2048 packets to and fro between the router and the
Squid. Please let me know if we missed anything.

                   --------------
                   203.157.193.81 -- Router with wccp v1 IOS 12.2
                   --------------
                          |
                          |
                          |
                          |
       ---------------------------------------
       |                  |                  |
       |                  |                  |
       |                  |                  |
203.157.193.82     203.157.193.89     203.157.193.85
    (squid)           (client)          (My system)

Router ip: 203.157.193.81
cache system: 203.157.193.82
Squid version: 2.5stable9

Linux Kernel Version 2.6.5
First used the kernel with ip_gre enabled and compiled
Second time used the ip_wccp patch from squid-cache.org site.
and compiled the kernel with ip_gre and ip_wccp enabled

used

modprobe ip_gre
modprobe ip_wccp

/etc/sysctl.conf

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
kernel.sysrq = 0

Executed "sysctl -p"

My system for ssh login: 203.157.193.85

Squid.conf
---------

wccp_version 4
wccp_router 203.157.193.81

http_port 3128

-------------------

In squid machine (203.157.193.82)

iptunnel add gre1 mode gre remote 203.157.193.81 local 203.157.193.82 dev eth0
ifconfig gre1 127.0.0.2 up

iptables -t nat -A PREROUTING -d ! 203.157.193.82 -i gre1 -p tcp --dport 80 -j DNAT --to 203.157.193.82:3128

When I telnet visolve.com from the client system : 203.157.193.86, I get the following output in tcpdump, but no entries in the
access.log.
I have also tried REDIRECT instead of DNAT, which failed.

[root@system root]# tcpdump -i any 'not ( host 203.157.193.82 and port 22 ) and not host 203.193.157.82 and not port syslog and not
port domain and not snmp and not port 3632 and not icmp and not host 204.152.189.116'
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
17:58:03.734727 IP 203.157.193.82.2048 > 203.157.193.81.2048: UDP, length 52
17:58:03.736439 IP 203.157.193.81.2048 > 203.157.193.82.2048: UDP, length 64
17:58:11.026858 IP 203.157.193.81 > 203.157.193.82: gre-proto-0x883e
17:58:11.026858 < 883e 64:
        0x0000: 4500 0030 f8e8 4000 7e06 8091 404a b1fe E..0..@.~...@J..
        0x0010: 3fc2 5143 0493 0050 56b2 10f8 0000 0000 ?.QC...PV.......
        0x0020: 7002 4000 5344 0000 0204 05b4 0101 0402 p.@.SD..........
17:58:14.035493 IP 203.157.193.81 > 203.157.193.82: gre-proto-0x883e
17:58:14.035493 < 883e 64:
        0x0000: 4500 0030 f8f5 4000 7e06 8084 404a b1fe E..0..@.~...@J..
        0x0010: 3fc2 5143 0493 0050 56b2 10f8 0000 0000 ?.QC...PV.......
        0x0020: 7002 4000 5344 0000 0204 05b4 0101 0402 p.@.SD..........
17:58:14.283166 IP 203.157.193.82.2048 > 203.157.193.81.2048: UDP, length 52
17:58:14.285777 IP 203.157.193.81.2048 > 203.157.193.82.2048: UDP, length 64
17:58:20.045910 IP 203.157.193.81 > 203.157.193.82: gre-proto-0x883e
17:58:20.045910 < 883e 64:
        0x0000: 4500 0030 f906 4000 7e06 8073 404a b1fe E..0..@.~..s@J..
        0x0010: 3fc2 5143 0493 0050 56b2 10f8 0000 0000 ?.QC...PV.......
        0x0020: 7002 4000 5344 0000 0204 05b4 0101 0402 p.@.SD..........
17:58:24.747629 IP 203.157.193.82.2048 > 203.157.193.81.2048: UDP, length 52
17:58:24.750637 IP 203.157.193.81.2048 > 203.157.193.82.2048: UDP, length 64
17:58:34.981967 IP 203.157.193.82.2048 > 203.157.193.81.2048: UDP, length 52
17:58:34.985319 IP 203.157.193.81.2048 > 203.157.193.82.2048: UDP, length 64

Let me know if you need more inputs.

Thank You.
Received on Wed Mar 23 2005 - 21:18:59 MST
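
Added example, not part of the original post: a short Python decoder for the three hex dumps printed with the gre-proto-0x883e packets in the capture above. It shows that they are the same bare TCP SYN to port 80 (identical ports and sequence number, a new IP id each time), that is, a SYN being retransmitted because nothing answered it. The function names are illustrative, and the hex strings are re-typed from the dump's hex columns.

```python
import ipaddress
import struct

# Hex columns of the three dumps in the capture above (ASCII column dropped).
# Only the IP id and the IP header checksum differ between them.
TAIL = ("404ab1fe 3fc25143 0493 0050 56b210f8 00000000 "
        "7002 4000 5344 0000 020405b4 01010402")
CAPTURED = [
    "45000030 f8e8 4000 7e06 8091 " + TAIL,
    "45000030 f8f5 4000 7e06 8084 " + TAIL,
    "45000030 f906 4000 7e06 8073 " + TAIL,
]

def ip_checksum_ok(header: bytes) -> bool:
    """The one's-complement sum over a valid IPv4 header folds to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_inner(hexdump: str) -> dict:
    """Decode the IPv4 and TCP headers of one redirected packet."""
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    ver_ihl, _, total_len, ip_id, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(raw) < ihl + 14:
        raise ValueError("not an IPv4/TCP packet, or capture too short")
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "sport": sport, "dport": dport, "seq": seq, "ip_id": ip_id,
        "syn_only": (off_flags & 0x3F) == 0x02,  # SYN set; ACK/RST/FIN clear
        "ip_csum_ok": ip_checksum_ok(raw[:ihl]),
        "truncated": len(raw) < total_len,       # snaplen cut the packet short
    }

def is_syn_retransmit(packets: list) -> bool:
    """True when every packet is the same bare SYN resent with a new IP id."""
    flows = {(p["src"], p["dst"], p["sport"], p["dport"], p["seq"]) for p in packets}
    ids = {p["ip_id"] for p in packets}
    return (len(flows) == 1 and len(ids) == len(packets)
            and all(p["syn_only"] for p in packets))

if __name__ == "__main__":
    pkts = [parse_inner(h) for h in CAPTURED]
    print(pkts[0], "same SYN retransmitted:", is_syn_retransmit(pkts))
```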
