Re: [squid-users] More WCCP woes

----- Original Message -----
From: "Sixx Lim" <sixx@swiftech.net.sg>
To: <squid-users@ircache.net>
Sent: Thursday, March 15, 2001 6:20 PM
Subject: Re: [squid-users] More WCCP woes

>
> >
> > > I hope that WCCP is still hot topic to be discussed. Most of us got
> > > different symptoms. I made an assumption that may be wrong, please
correct
> > > me.
> >
> > I hope too. I don't have my particular setup running at all.
>
> Tried everything in the FAQs, except for GRE.
> Loading WCCP i totally lose terminal control of the server (only ssh in
works)
> Below are the msg i get flooded on *all* consoles and syslog

>

<snip>

> The catch here is nothing gets into squid's access log, so i presume
> nothing gets send out.
> This developmental server is on 2.4 kernel + squid 2.4 pre stable2.
>

    I have the same symptom

> > >
> > > 1. Vishwanath Paranjape could get "Here_I_Am" packet but still cannot
> > > redirecting HTTP to Squid
> > > 2. Jorge Boncompte seems solve the problem by using IP GRE.
> >
> > I'm using the ip_wccp module without any patches. My problem is that
> >squid doesn't "understand" what it receives. I have defined several ip
> >tables to redirect packets but seems to not work.
>
> Redirection of ports thru iptables would only work if the squid/iptables
> server is also the
> router for the NAT network.

    Read below.

> A good method to test out would be to telnet into the port being
redirected
> via real ip
> system.

    I know how to test it, I have several "medium" size squid box running in
transparent mode.

> >
> > WCCP encapsulates redirected packets in GRE (Generic Routing
> >Encapsulation) and send them to the Cache box. UDP port 2048 is the
> >"ststatus port", I think. The ip_wccp module strips the GRE header from
the
> >packets it has received. The only one difference between this and the
ip_gre
> >is that you can send GRE packets because you can define a new interface
and
> >routes.
>
>
> My current working implementation of wccp on 2.2 kernels didn't use GRE.
> Would try w/o GRE on 2.4 in the morning.
> Any ideas to try before i totally ditch 2.4 kernels n work with 2.2?
>
    You are using GRE. Use iptraf, ethereal, or another packet sniffer, and
tu'll see GRE packets coming from your router to your squid box. The ip_wccp
desencapsulates this packets and treat them as if they were arrived from a
real interface. But I think that this packets don't pass throught the
netfilter hooks.

    -Jorge

==============================================================
Jorge Boncompte - Técnico de sistemas
DTI2 - Desarrollo de la Tecnología de las Comunicaciones
--------------------------------------------------------------
C/ Abogado Enriquez Barrios, 5 14004 CORDOBA (SPAIN)
Tlf: +34 957 761395 / FAX: +34 957 450380
--------------------------------------------------------------
jorge@dti2.net _-_-_-_-_-_-_-_-_-_-_-_-_-_ http://www.dti2.net
==============================================================
Without wicker a basket cannot be done.
==============================================================
Received on Thu Mar 15 2001 - 11:06:25 MST