[squid-users] Re: A Happy Deeptish and two veterans rizwan&khiz may open my passage to glory

From: Deeptish Dey <deeptish@dont-contact.us>
Date: Fri, 28 Sep 2001 11:33:03 +0530 (IST)

Hi Abhilash,

Let me clear up a few things immediately,

1. finally I switched over to ip_wccp.o, as with ip_gre.o my squid was
numb. So if u wish u can try with that.

2. access list is a must, I previously did as u r now that the list will
deny traffic from squid to any, smile not the case, it means that any
traffic from squid will not be redirected, that's why the deny rule.
So u have to put those lines in proper places, deny for all cache hosts,
and permit for other hosts.

3. ip wccp web-cache redirect out;;; PUT THIS LINE IN YOUR WAN INTERFACE
AND NOT IN ETHERNET INTERFACE...

----that does it all, with blessings of squid gods and goddess, if u wish
u can get it done with ip_gre, with little more effort, not doing the
mistakes I did ( I still don't know )... do mail back...;

TODO:
PREPARE a cookbook for transparent proxy with wccp

Regards

Deeptish

On Thu, 27 Sep 2001, Abhilash. V.M. wrote:

:)Hi,
:)I was closely monitoring the interactions with
:)Deeptish and khiz, cos I was pissed off with this wccp
:)box. My first problem (the Nimda virus) is solved
:)now. Thanks to Khiz and rizwan.
:)
:)Now, I will brief the steps I did here with supporting
:)information.
:)
:)First of all, I'll include the wccp config part of my
:)cisco.
:)
:)ip subnet-zero
:)ip wccp version 1
:)ip wccp web-cache
:)no ip domain-lookup
:)
:)interface FastEthernet0/0
:) ip address 202.88.231.4 255.255.255.0
:) ip wccp web-cache redirect out
:) no ip directed-broadcast
:) speed auto
:) full-duplex
:)
:)I have not created any access lists
:)as Deeptish had created. Also let me know if it's reqd.
:)
:)> :)> ip access-list extended cache
:)> :)> deny tcp host 202.56.207.35 any ------> 202.56.207.35 is my cache squid
:)> :)> permit tcp any any eq www
:)> :)> !
:)
:)(Deeptish's access list: I guess the above one will
:)deny all the requests from the squid to outside world,
:)and it won't be able to access the site and cache
:)it. Correct me if I am wrong. Which interface was
:)applied with this access list?)
:)
:)Now, in the squid box, I did the following.
:)
:)1:echo 1 >/proc/sys/net/ipv4/ip_forward (Enabling IP
:)forwarding. I am not convinced abt its need, as my
:)squid box has only 1 ethernet card, and IP address. I
:)blindly followed it as I got it from one of the FAQs).
:)
:)2:modprobe ip_gre
:)
:)3:iptunnel add gre1 mode gre remote <cisco's ethernet
:)ip> local <I tried both squid's ip and 127.0.0.2> dev
:)eth0
:)
:)4:ifconfig gre1 <local-ip> netmask <A.B.C.D> up
:)
:)Now, once I start squid, my cisco detects it, and its
:)#sh ip wccp is captured below.
:)
:)Global WCCP information:
:) Router information:
:) Router Identifier: 203.208.147.78
:) Protocol Version: 1.0
:)
:) Service Identifier: web-cache
:) Number of Cache Engines: 1
:) Number of routers: 1
:) Total Packets Redirected: 2020942
:) Redirect access-list: -none-
:) Total Packets Denied Redirect: 0
:) Total Packets Unassigned: 8
:) Group access-list: -none-
:) Total Messages Denied to Group: 0
:) Total Authentication failures: 0
:)
:)It shows lots of packets are being redirected. But my
:)worry is, where the heck does it all vanish?
:)My access.log is 0 bytes long! And no updates at all!
:)
:)This clearly means my cisco is simply forwarding the
:)packets, and it's not getting captured by squid.
:)I have absolutely no problems in browsing the sites
:)(except that it's slow, since there is no cache).
:)
:)Now, I request you experienced people to help me out.
:)I never thought this would be this difficult !
:)
:)I will be gr8ful to u if u cud give me a detailed step
:)by step procedure of this stuff.
:)
:)Another interesting thing is, when I say lsmod, my
:)ip_wccp module is shown as unused (it's captured
:)below).
:)
:)Module Size Used by
:)ip_gre 6744 1
:)ip_wccp 672 0 (unused)
:)lockd 31176 1 (autoclean).
:)
:)Does it mean that the module is not ok ?
:)
:)Now, please please help !!(You guys are my last resort
:)! do the magic again !! :):))
:)
:)Thanks for ur understanding.
:)
:)Regards
:)Abhilash.V.M.
:)cochin, India.
Received on Fri Sep 28 2001 - 00:22:11 MDT
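
Added example (not part of the original emails, and not Cisco or Squid code): a small Python model of the redirect access list semantics described in point 2 of the reply, where "deny" means "do not redirect" rather than "drop". It assumes first-match evaluation with an implicit deny and that the web-cache service only considers TCP port 80; the type and function names are hypothetical, and the client and server addresses are constructed documentation addresses.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str               # "permit" or "deny"
    src: str                  # source network; "0.0.0.0/0" stands for "any"
    dst_port: Optional[int]   # None matches any destination port

class Packet(NamedTuple):
    src: str
    dst: str
    dst_port: int

# The access list quoted in the thread (202.56.207.35 is the Squid cache).
CACHE_ACL = [
    Rule("deny", "202.56.207.35/32", None),   # deny tcp host 202.56.207.35 any
    Rule("permit", "0.0.0.0/0", 80),          # permit tcp any any eq www
]

def wccp_decision(pkt, acl):
    """What the router does with a TCP packet leaving the redirect interface.

    acl=None models "Redirect access-list: -none-" from the show output.
    """
    if pkt.dst_port != 80:          # web-cache service only looks at port 80
        return "forward-normally"
    if acl is None:                 # no list: every port-80 packet is redirected
        return "redirect-to-cache"
    for rule in acl:                # first matching rule wins
        if ip_address(pkt.src) not in ip_network(rule.src):
            continue
        if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
            continue
        # permit = eligible for redirection; deny = bypass, but still routed
        return "redirect-to-cache" if rule.action == "permit" else "forward-normally"
    return "forward-normally"       # implicit deny: not redirected, not dropped

if __name__ == "__main__":
    # Constructed sample packets (192.0.2.10 = a client, 198.51.100.7 = a web server).
    samples = {
        "client -> web": Packet("192.0.2.10", "198.51.100.7", 80),
        "squid  -> web": Packet("202.56.207.35", "198.51.100.7", 80),
        "client -> smtp": Packet("192.0.2.10", "198.51.100.7", 25),
    }
    for name, pkt in samples.items():
        print(f"{name:15} with list: {wccp_decision(pkt, CACHE_ACL):18}"
              f" without list: {wccp_decision(pkt, None)}")
```

In this model the cache's own fetches are forwarded normally only when the deny line is present; without a list they match the service and are sent back to the cache.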

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:30 MST