Re: [squid-users] Transparent proxy trouble [2]

From: Sornchai Chatwiriyachai <sonny@dont-contact.us>
Date: Tue, 31 Jul 2001 14:39:22 +0700

Thanks Joe for the ip_wccp patch but I have used the patch for my kernel
2.4.2 instead at

http://aurora.dti2.net/parches/ip_wccp-2.4.2.patch

After that I applied the patch at /usr/src with

    patch -p0 <ip_wccp-2.4.2.patch

There were no errors so I assumed it went well.

So I ran

    make xconfig

so that my config looks like this:

    # Networking options
    #
    CONFIG_PACKET=y
    # CONFIG_PACKET_MMAP is not set
    # CONFIG_NETLINK is not set
    CONFIG_NETFILTER=y
    # CONFIG_NETFILTER_DEBUG is not set
    # CONFIG_FILTER is not set
    CONFIG_UNIX=y
    CONFIG_INET=y
    # CONFIG_TUX is not set
    CONFIG_IP_MULTICAST=y
    # CONFIG_IP_ADVANCED_ROUTER is not set
    # CONFIG_IP_PNP is not set
    # CONFIG_NET_IPIP is not set
    CONFIG_NET_IPGRE=y
    CONFIG_NET_IPWCCP=y
    # CONFIG_NET_IPGRE_BROADCAST is not set
    # CONFIG_IP_MROUTE is not set
    # CONFIG_INET_ECN is not set
    # CONFIG_SYN_COOKIES is not set

Then I recompiled my kernel... the kernel booted up OK... so I created a GRE
tunnel with

    /sbin/iptunnel add gre1 remote x.x.x.x. local x.x.x.x dev eth0
    /sbin/iptunnel gre1 127.0.0.2 up

Then applied to the Cisco:

    ip wccp version 1
    ip wccp web-cache redirect-list 150
    *
    int s0/0
    description to inet
    ip wccp web-cache redirect out
    ip wccp redirect exclude in
    *
    access-list 150 deny tcp host <my cache ip > any eq www
    access-list 150 permit tcp any any eq www

AFTER ALL THAT
-- I see packets are being redirected out to squid
-- I see that my gre1 gets packets
-- BUT SQUID DID NOT RETURN ANYTHING...EVERYTHING WAS FROZEN!!

BTW: I am using squid-2.3STABLE4 on RH 7.1

Any ideas?

Sonny

----- Original Message -----
From: "Joe Cooper" <joe@swelltech.com>
To: "Alexey A. Britchko" <raven@ugratel.ru>
Cc: <squid-users@squid-cache.org>
Sent: 26 July 2001 11:52
Subject: Re: [squid-users] Transparent proxy trouble [2]

> How are you decapsulating the WCCP GRE packets? While the WCCP
> HERE_I_AM and I_SEE_YOU messages are not encapsulated, the client
> requests are GRE encapsulated. On Linux, you would use ip_wccp or a
> patched ip_gre module, but I guess FreeBSD has an equivalent (the patch
> to ip_gre on Linux is very simple and probably easily reproduced in the
> gre code for FreeBSD).
>
> Good luck.
>
> Alexey A. Britchko wrote:
>
> > os FreeBSD 4.2 cisco 3661 router
> >
> > Steps in order to make my squid to work as transparent
> > proxy:
> > 1. Configure squid with --enable-ipf-transparent option,
> > make and install it.
> > 2. Configure kernel. Adding IP_FIREWALL,
> > FIREWALL_DEFAULT_TO_ACCEPT and IPFIREWALL_FORWARD.
> > 3. Configure cisco to redirect packets:
> >
> > ip wccp version 1
> > ip wccp web-cache redirect-list fwd-2-squid
> > interface Serial3/0
> > bandwidth 256
> > ip address 213.189.206.130 255.255.255.252
> > ip access-group Ext-ip-in in
> > ip access-group Ext-ip-out out
> > no ip redirects
> > ip accounting output-packets
> > ip wccp redirect exclude in
> > ip audit AUDIT.1 in
> > ip route-cache flow
> > no ip mroute-cache
> > random-detect
> > !
> > ip access-list standard fwd-2-squid
> > deny 213.189.214.1 log
> > permit 213.189.214.0 0.0.0.255
> > deny any
> >
> > 4. Configure ipfw :
> > ipfw add allow all from any to any
> > ipfw add fwd 213.189.214.1,3128 tcp from any to any 80
> >
> >
> > 5. Configure SQUID:
> > http_port 3128
> > httpd_accel_host virtual
> > httpd_accel_port 80
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
> > Squid and cisco see each other (messages in cisco log: i
> > see you, here I am).
> > But redirection doesn't work.
> >
> > Any ideas?
> >
> > Best regards,
> > Alexey
>
>
>
> --
> Joe Cooper <joe@swelltech.com>
> Affordable Web Caching Proxy Appliances
> http://www.swelltech.com
>
>
Received on Tue Jul 31 2001 - 01:35:46 MDT
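
The distinction Joe describes (WCCP control messages arrive unencapsulated, redirected client requests arrive inside GRE) can be checked on a captured packet. The Python sketch below is an added example, not code from the thread or from the ip_wccp patch; the constants are the standard WCCP values (UDP port 2048, GRE protocol type 0x883E), and the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

IPPROTO_UDP, IPPROTO_GRE = 17, 47
WCCP_UDP_PORT = 2048      # HERE_I_AM / I_SEE_YOU: plain UDP, no GRE
GRE_PROTO_WCCP = 0x883E   # GRE protocol type carried by WCCP redirects

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def split_ipv4(pkt):
    """Return (protocol, src, dst, payload) of an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def classify(pkt):
    """Say what the cache box received: WCCP control, WCCP redirect, or other."""
    proto, src, dst, body = split_ipv4(pkt)
    if proto == IPPROTO_UDP and len(body) >= 8:
        if WCCP_UDP_PORT in struct.unpack("!HH", body[:4]):
            return ("wccp-control", src, dst)
    if proto == IPPROTO_GRE and len(body) >= 4:
        flags, gre_proto = struct.unpack("!HH", body[:4])
        # Optional checksum (0x8000), key (0x2000), sequence (0x1000): 4 bytes each.
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        if gre_proto != GRE_PROTO_WCCP:
            return ("gre-other", src, dst)   # a plain GRE tunnel carries 0x0800 here
        if len(body) > off and body[off] >> 4 != 4:
            off += 4      # WCCPv2 puts a 4-byte redirect header before the inner IP
        _, client, origin, _ = split_ipv4(body[off:])
        return ("wccp-redirect", client, origin)
    return ("other", src, dst)

# Constructed samples (documentation addresses, not taken from the thread).
ROUTER, CACHE, CLIENT, ORIGIN = "192.0.2.1", "192.0.2.10", "198.51.100.7", "203.0.113.80"
syn = ipv4(6, CLIENT, ORIGIN, struct.pack("!HH", 40000, 80) + bytes(16))
gre_v1 = ipv4(IPPROTO_GRE, ROUTER, CACHE, struct.pack("!HH", 0, GRE_PROTO_WCCP) + syn)
gre_v2 = ipv4(IPPROTO_GRE, ROUTER, CACHE, struct.pack("!HH", 0, GRE_PROTO_WCCP) + bytes(4) + syn)
here_i_am = ipv4(IPPROTO_UDP, CACHE, ROUTER, struct.pack("!HHHH", 2048, 2048, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("here_i_am", here_i_am), ("gre_v1", gre_v1), ("gre_v2", gre_v2)]:
        print(name, classify(pkt))
```

The inner packet recovered from a redirect still carries the original client and origin-server addresses, which is why the cache host needs both decapsulation and a local interception rule before Squid sees the request.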
