Re: WCCPv1 + ipchains woes (Solution)

From: <wthomas@dont-contact.us>
Date: Thu, 15 Jun 2000 15:53:25 -0500

Well, after much hair pulling it seemed that the problem was related to
the GRE portion of things. While packets were coming in on the GRE
tunnel, and getting redirected (according to ipchains) to the proxy
port, squid never saw the request. After getting fresh kernel source and
re-applying the ip_gre.c patch, getting old kernel source (2.2.5,
which was stated to work with this patch) and applying the patch,
and sacrificing virgins and cats, it was still no go. So I decided to
get wacky and try the ip_wccp module method. As soon as I changed to
the ip_wccp method everything started working.

The troubleshooting steps I took actually coincided almost exactly
with what Henrik suggested to Ziya Suzen, and Ziya forwarded on to
me. Note I had done all of these things, excluding those relating to the
ip_wccp module already. The steps are below:

1. Configure a browser to manually use the cache on the port which is set
   in squid's http_port config entry.
2. Install your redirect rules, change your browser proxy config to
   use port 80 instead.
3. Change the default gateway on the test client machine to be the
   cacher, remove any proxy settings, and attempt to browse.
4. Reset the test client machine to its normal gateway and no proxy
   settings.
5. Check to make sure the router believes all is fine with WCCP (using
   show ip wccp, and debug ip wccp *).
6. Attempt to browse. (This is the step where I got hung up.)

At that point I used show ip wccp to verify packets were getting
redirected to the cacher, monitored ifconfig to make sure packets were
coming in the gre interface, cat /proc/net/ip_fwchains to verify that
once the packets were getting to the cacher they were getting
unwrapped from GRE and redirected to the cacher port, and cranked up the
debugging on squid to see if the request got there.

With the ip_gre.c (and the patch) I was seeing everything I wanted
excluding the requests coming into squid. I.e. I could see packets
getting redirected from the router, I could see packets coming in on
the gre interface, and I could see packets passing the ipchains rule and
getting redirected. But no request ever made it to squid according to
debug_option ALL,9.

Now I would feel much better about this email if I found a solution
while still using the ip_gre.c patch, but at least I found a solution.

Hopefully this helps someone else who has a similar problem down the
road.

-- 
       William R. Thomas
       PowerUser Technologies              Email: wthomas@poweruser.com
       Phone: 847-215-3300 ext 1105        Fax: 847-215-3318
*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*
Anyone who is capable of getting themselves made President should on no
  account be allowed to do the job.
                -- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
Received on Thu Jun 15 2000 - 14:56:36 MDT
