[squid-users] IPFilter + FreeBSD + WCCP

From: <francisv@dont-contact.us>
Date: Mon, 16 Jun 2003 17:12:18 +0800

Hi all,

I'm running Squid 2.5-STABLE2 on a FreeBSD 4.8-STABLE machine compiled with
--enable-ipf-transparent (-STABLE doesn't have the IPFilter headers installed
in /usr/include/netinet, so I copied them in manually).

The kernel is compiled with `pseudo-device gre', and I followed the
instructions on squid-cache.org on how to set up a GRE tunnel from the server
to the router.
The router can see the server but I couldn't see any redirection happening
on the server (via `ipnat -l').

Here's my /etc/ipnat.rules:

        rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp

Here's the output of `ipnat -l':

        List of active MAP/Redirect filters:
        rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp

        List of active sessions:

(I also tried using `sis0' instead of `gre0' as the source interface but I
still got the same result)

Here's the output of `ifconfig -a':

sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 202.91.166.3 netmask 0xffffffe0 broadcast 202.91.166.31
        ether 00:e0:18:ec:cb:37
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
        tunnel inet 202.91.166.3 --> 202.91.166.1
        inet 202.91.166.3 --> 202.91.166.1 netmask 0xffffffff

Squid is running with the following credentials: user: nobody, group:
nogroup.

crw-rw---- 1 root nogroup 79, 0 Jun 16 17:02 /dev/ipl
crw-rw---- 1 root nogroup 79, 1 Jun 16 17:02 /dev/ipnat

The kernel was compiled using the following options:

        options IPFILTER
        options IPFILTER_LOG

Here's my /etc/rc.local:

        #!/bin/sh
        #
        # $Id: rc.local,v 1.7 2003/06/16 07:51:49 root Exp $

        SQUID_IP="202.91.166.3"
        ROUTER_IP="202.91.166.1"
        FW="/sbin/ipfw"

        ## Create GRE interface and tunnel WCCP packets through it
        ifconfig gre0 create
        ifconfig gre0 $SQUID_IP $ROUTER_IP netmask 255.255.255.255 up
        ifconfig gre0 tunnel $SQUID_IP $ROUTER_IP
        route delete $ROUTER_IP

---
 francis a. vidal [bitstop network services] | http://www.bnshosting.net
 streaming media + web hosting               | http://www.bitstop.ph
 v(02)330-2871,(02)330-2872; f(02)330-2873   | http://www.kuro.ph
Received on Mon Jun 16 2003 - 03:12:26 MDT
