let me give you my router details: as now I have put ip wccp redirect out
at the interface with connect to our ISP ( which stopped browsing for the
whole lan ) and router could recognise cache, but no i see u
packets....; well first the router code for you
ip wccp version 1
ip wccp web-cache
interface FastEthernet1/0-------------------------> our lan is connected
here
description **Description Connected To Mantra**
ip address 202.56.207.33 255.255.255.224
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
no cdp enable
interface Serial1/1
description connected to Mantra------------ line to ISP (INTERNET)
ip address 202.56.204.142 255.255.255.252
no ip directed-broadcast
ip wccp web-cache redirect out
encapsulation ppp
!
--------------------
router2>sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 202.56.207.33
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 6240
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
----------------
router2>sh ip wccp we detail
WCCP Cache-Engine information:
IP Address: 202.56.207.35
Protocol Version: 0.4
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 6240
Connect Time: 01:27:31
---------------------
tcp dump at the cache...engine ( SQUID )
14:09:12.495325 eth0 < gre-proto-0x883E (gre encap)
14:09:12.495325 eth0 < gre-proto-0x883E (gre encap)
14:09:12.515325 eth0 < gre-proto-0x883E (gre encap)
14:09:12.655325 eth0 > 202.56.207.35.2048 > rmantra.2048: udp 52 (DF)
14:09:12.655325 eth0 < rmantra.2048 > 202.56.207.35.2048: udp 64
14:09:12.995325 eth0 B arp who-has 202.56.207.54 tell rmantra
14:09:13.055325 eth0 < gre-proto-0x883E (gre encap)
14:09:13.135325 eth0 < gre-proto-0x883E (gre encap)
14:09:13.375325 eth0 < gre-proto-0x883E (gre encap)
14:09:13.555325 eth0 < gre-proto-0x883E (gre encap)
14:09:13.665325 eth0 < gre-proto-0x883E (gre encap)
[root@cache /root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:01:02:94:2C:0A
inet addr:202.56.207.35 Bcast:202.56.207.63
Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23680 errors:0 dropped:0 overruns:0 frame:0
TX packets:11546 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xdc00
gre1 Link encap:UNSPEC HWaddr
CA-38-CF-23-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:7442 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
------------------
[root@cache /root]# ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ localhost localhost n/a
ACCEPT tcp ------ anywhere 202.56.207.34 any ->
http
REDIRECT tcp ------ 202.56.207.32/27 anywhere any ->
http => squid
REDIRECT tcp ------ anywhere anywhere any ->
http => squid
ACCEPT all ------ 202.56.207.32/27 anywhere n/a
ACCEPT all ------ anywhere 202.56.207.32/27 n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
now khiz, with ip wccp web-cache redirect out at my serial interface (
going to my service provider )... my lan is unable to browse the
internet.. and ls -l at /var/log/squid shows
-rw-r--r-- 1 squid squid 0 Sep 17 14:26 access.log
:( :( :(
please specify what to do; earlier with ip wccp .... redirect out line at
the ethernet interface... I could see the I SEE U.... packets at the
router, now they are gone...;;; sugg.
waiting....
Regards,
deeptish
On Wed, 26 Sep 2001, khiz code wrote:
:)
:)i told u
:)DONT APPLY Wccp on the interface on which cache is CONNECTED
:)!!!!!!!!!!!!!1
:)repeat !!!
:)uve done the exact opposite
:)apply on the int thru which ur web traffic traffic goes out in case
:)there wud hv been no cache at all
:)do get back and telkl the rsults
:)--- Deeptish Dey <deeptish@lotus.saha.ernet.in> wrote:
:)>
:)> here goes
:)>
:)> [root@cache /root]# tcpdump port 2048
:)> User level filter, protocol ALL, datagram packet socket
:)> tcpdump: listening on all devices
:)> 19:22:19.969439 eth0 > cache.2048 > rmantra.2048: udp 52 (DF)
:)> 19:22:19.969439 eth0 < rmantra.2048 > cache.2048: udp 64
:)> 19:22:30.389439 eth0 > cache.2048 > rmantra.2048: udp 52 (DF)
:)> 19:22:30.389439 eth0 < rmantra.2048 > cache.2048: udp 64
:)>
:)> where.. cache is the squid machine; and rmantra is my router;;
:)>
:)> ip wccp web-cache redirect out is done at the ethernet interface
:)> through
:)> which cache is connected; I could not get any better with ip_wccp so
:)> now I
:)> am trying with ip_gre...
:)>
:)> there is no acl defined for now; if u feel I need to put some, please
:)> give
:)> me a better hint..
:)>
:)> also, its 7.30 PM in INDIA here, and I have to get going to my
:)> home.. smile ... I will check your reply morrow morn... if u wish I
:)> might
:)> attach the router conf ... tomorrow.... dozon roses to you....
:)>
:)>
:)> regards
:)>
:)> Deeptish
:)>
:)>
:)> On Wed, 26 Sep 2001, khiz code wrote:
:)>
:)> :)i am spking abt applying wccp on the router interfcae thru which ur
:)> :)internet traffic flows out
:)> :)config t
:)> :)#ip wccp web-cache redirect out
:)> :)u use only one of them ..ip_wccp is better
:)> :)do tcpdump port 2048
:)> :)and see if ur getting packets
:)> :)i suspect that uve applied wccp on the wrong router interface
:)> :)acl for denying the squid box ips shud be a part of the acl against
:)> :)which wccp policy is matched
:)> :)rgds
:)> :)khiz
:)> :)
:)> :)
:)> :)--- Deeptish Dey <deeptish@lotus.saha.ernet.in> wrote:
:)> :)>
:)> :)>
:)> :)> wccp code is properly inserted on the proper eth interface, when
:)> I do
:)> :)> TCPdump I see the gre packets are received by the squid machine,
:)> (
:)> :)> there
:)> :)> was an error accepting GRE packets, and I did modprobe ip_gre.o..
:)> :)> seems
:)> :)> ok, this time I did not use ip_wccp.o.. tell me if I need both
:)> )!!
:)> :)>
:)> :)> With TCPDUMP at the squid machine, it also sez connection at port
:)> :)> 2048:upd.. seems fine... just the access.log is dry!!!
:)> :)>
:)> :)> well one thing I did not apply any acl for denying anything..
:)> give me
:)> :)> a
:)> :)> gint here.. thanks khiz code;
:)> :)>
:)> :)>
:)> :)> regards,
:)> :)>
:)> :)> Deeptish Dey
:)> :)>
:)> :)>
:)> :)> On Wed, 26 Sep 2001, khiz code wrote:
:)> :)>
:)> :)> :)most probably uve applied wccp on the wrong router interface
:)> :)> :)appply it on the interface thru which ur internet traffic goes
:)> out
:)> :)> and
:)> :)> :)not on the interfcae wher uve connected squid .. unless uve one
:)> :)> :)interface
:)> :)> :)in this case dont forget to put the acl denying the squid ips
:)> :)> :)rgds
:)> :)> :)khizcode
:)> :)> :)
:)> :)> :)--- Deeptish Dey <deeptish@lotus.saha.ernet.in> wrote:
:)> :)> :)>
:)> :)> :)> Hello Squid Gurus,
:)> :)> :)>
:)> :)> :)> This is to tell you, that my squid is doing well with my
:)> :)> masquarador
:)> :)> :)> host,
:)> :)> :)> where redirection is not necessary; I plan to use it with our
:)> :)> cisco
:)> :)> :)> router
:)> :)> :)> 3660, IOS 12, configured it, and I see the I see you -- here
:)> I am
:)> :)> :)> packets; but no increase of access.log file. here I am using
:)> :)> squid
:)> :)> :)> version
:)> :)> :)> 2.3.STABLE4; with LINUX kernel 2.4.2-2 on REDHAT 7.1
:)> :)> distribution,
:)> :)> :)> furthermore ip_wccp.o is sucessfully insmod-ed; What exactly
:)> I
:)> :)> should
:)> :)> :)> try
:)> :)> :)> now?
:)> :)> :)>
:)> :)> :)> another problem is that for short domain names ( www for
:)> :)> www.mydomain
:)> :)> :)> ) squid is unable to find the ips, and for all local machines
:)> :)> user
:)> :)> :)> need to
:)> :)> :)> type-in the fully qualified domain names, which you would
:)> agree
:)> :)> is a
:)> :)> :)> pain.
:)> :)> :)>
:)> :)> :)> Also I notice that the squid server (other one installed in
:)> the
:)> :)> masq
:)> :)> :)> host) does not cache all the gif's, but some.. please assist
:)> me
:)> :)> to
:)> :)> :)> know
:)> :)> :)> what should I do to tell squid to cache all images, txt,
:)> files?
:)> :)> :)>
:)> :)> :)> There goes all the pain I am going through, and any help from
:)> :)> your
:)> :)> :)> end.. would be highly appreciated; I find no other go but to
:)> :)> :)> registrar in
:)> :)> :)> this mailing list.
:)> :)> :)>
:)> :)> :)> Thank you very much.
:)> :)> :)>
:)> :)> :)> Regards,
:)> :)> :)>
:)> :)> :)> Deeptish Dey,
:)> :)> :)>
:)> :)> :)> Engineer, SINP, INDIA
:)> :)> :)>
:)> :)> :)>
:)> :)> :)>
:)> :)> :)
:)> :)> :)
:)> :)> :)__________________________________________________
:)> :)> :)Do You Yahoo!?
:)> :)> :)Get email alerts & NEW webcam video instant messaging with
:)> Yahoo!
:)> :)> Messenger. http://im.yahoo.com
:)> :)> :)
:)> :)>
:)> :)
:)> :)
:)> :)__________________________________________________
:)> :)Do You Yahoo!?
:)> :)Get email alerts & NEW webcam video instant messaging with Yahoo!
:)> Messenger. http://im.yahoo.com
:)> :)
:)>
:)
:)
:)__________________________________________________
:)Do You Yahoo!?
:)Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com
:)
Received on Thu Sep 27 2001 - 02:51:17 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:30 MST