RE: [squid-users] IPFilter + FreeBSD + WCCP

From: <francisv@dont-contact.us>
Date: Mon, 16 Jun 2003 17:48:11 +0800

I actually have it working (GRE tunnel on FreeBSD 4.8-STABLE) using ipfw and
not IPFilter. I'd like to know why the configuration doesn't work with
IPFilter.

-----Original Message-----
From: Raphael Maseko [mailto:ralph@zamnet.zm]
Sent: Monday, June 16, 2003 5:39 PM
To: francisv@dagupan.com

I attempted that a month ago and I had a lot of errors (I can't remember
what they were now). I would appreciate pointers for me to try it again.
Thanks.
Ralph

----- Original Message -----
From: <francisv@dagupan.com>
To: <squid-users@squid-cache.org>
Sent: Monday, June 16, 2003 11:31 AM
Subject: RE: [squid-users] IPFilter + FreeBSD + WCCP

> Hi Raphael,
>
> I have a couple of Squid servers running on FreeBSD 4.7-RELEASE with GRE
> support.
>
> -----Original Message-----
> From: Raphael Maseko [mailto:ralph@zamnet.zm]
> Sent: Monday, June 16, 2003 5:31 PM
> To: francisv@dagupan.com
>
> Hi,
> I got it working on FreeBSD 4.6.2 with the help of the instructions on:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/47813 and
> http://www.geocrawler.com/archives/3/165/2002/10/0/10004885/
>
> Try this:
>
> 1. download the gre.c and the wccp patch and apply them according to the FAQ
> on http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
> 2. Rebuild the Kernel with "options GRE"
> 3. Configure SQUID with --enable-ipf-transparent option
> 4. Edit the /etc/rc.conf to enable ipnat:
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat"
> ipnat_rules="/etc/ipnat.rules"
> ipnat_flags=""
>
> 5. create /etc/ipnat.rules with:
> rdr fxp0 0.0.0.0/0 port 80 -> 208.224.179.254 port 3128 tcp (3128 can be
> changed to your appropriate port)
>
> 6. Enable wccp on your router
>
> 7. run ipnat -l to see redirections
>
> Good luck
> Ralph
>
> NB:
> I did not add the "pseudo-device gre". I must say that I have trouble trying
> to get WCCP working on 5.0
>
> ----- Original Message -----
> From: <francisv@dagupan.com>
> To: <squid-users@squid-cache.org>
> Sent: Monday, June 16, 2003 11:12 AM
> Subject: [squid-users] IPFilter + FreeBSD + WCCP
>
>
> > Hi all,
> >
> > I'm running Squid 2.5-STABLE2 on a FreeBSD 4.8-STABLE machine compiled with
> > -enable-ipf-transparent (-STABLE doesn't have the IPFilter headers installed
> > in /usr/include/netinet, copied in manually).
> >
> > The kernel is compiled with `pseudo-device gre', followed instructions on
> > squid-cache.org on how to setup a GRE tunnel from the server to the router.
> > The router can see the server but I couldn't see any redirection happening
> > on the server (via `ipnat -l').
> >
> > Here's my /etc/ipnat.rules:
> >
> > rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp
> >
> > Here's the output of `ipnat -l':
> >
> > List of active MAP/Redirect filters:
> > rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp
> >
> > List of active sessions:
> >
> > (I also tried using `sis0' instead of `gre0' as the source interface but I
> > still got the same result)
> >
> > Here's the output of `ifconfig -a':
> >
> > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > inet 202.91.166.3 netmask 0xffffffe0 broadcast 202.91.166.31
> > ether 00:e0:18:ec:cb:37
> > media: Ethernet autoselect (100baseTX <full-duplex>)
> > status: active
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> > inet 127.0.0.1 netmask 0xff000000
> > gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
> > tunnel inet 202.91.166.3 --> 202.91.166.1
> > inet 202.91.166.3 --> 202.91.166.1 netmask 0xffffffff
> >
> > Squid is running with the following credentials: user: nobody, group:
> > nogroup.
> >
> > crw-rw---- 1 root nogroup 79, 0 Jun 16 17:02 /dev/ipl
> > crw-rw---- 1 root nogroup 79, 1 Jun 16 17:02 /dev/ipnat
> >
> > The kernel was compiled using the following options:
> >
> > options IPFILTER
> > options IPFILTER_LOG
> >
> > Here's my /etc/rc.local:
> >
> > #!/bin/sh
> > #
> > # $Id: rc.local,v 1.7 2003/06/16 07:51:49 root Exp $
> >
> > SQUID_IP="202.91.166.3"
> > ROUTER_IP="202.91.166.1"
> > FW="/sbin/ipfw"
> >
> > ## Create GRE interface and tunnel WCCP packets through it
> > ifconfig gre0 create
> > ifconfig gre0 $SQUID_IP $ROUTER_IP netmask 255.255.255.255 up
> > ifconfig gre0 tunnel $SQUID_IP $ROUTER_IP
> > route delete $ROUTER_IP
> >
> > ---
> > francis a. vidal [bitstop network services] | http://www.bnshosting.net
> > streaming media + web hosting | http://www.bitstop.ph
> > v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph
Received on Mon Jun 16 2003 - 03:48:19 MDT
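
Added example, not part of the thread or of Squid/IPFilter: a shell check that reads `ipnat -l' output and separates "no rdr rule loaded" from "rule loaded but nothing is matching it", which is the state the original poster reports. The function name, the verdict strings and the second sample (including its session-line layout) are assumptions made for this example.

```shell
#!/bin/sh
# Summarise `ipnat -l` output read from stdin (live use: ipnat -l | ipnat_summary).
# Prints: <rdr_rule_count> <session_count> <verdict> <interfaces named by rdr rules>
ipnat_summary() {
    awk '
        /^List of active MAP\/Redirect filters:/ { sect = "rules"; next }
        /^List of active sessions:/              { sect = "sess";  next }
        /^[ \t]*$/                               { next }   # skip blank lines
        sect == "rules" && $1 == "rdr" {
            rules++
            ifs = (ifs == "" ? $2 : ifs "," $2)   # field 2 is the interface
        }
        sect == "sess" { sess++ }                 # any entry counts as a session
        END {
            if (rules + 0 == 0)     v = "no-rdr-rule"
            else if (sess + 0 == 0) v = "rule-loaded-no-traffic"
            else                    v = "redirecting"
            if (ifs == "") ifs = "-"
            printf "%d %d %s %s\n", rules, sess, v, ifs
        }'
}

# Output quoted in the thread: the rule is loaded, the session table is empty.
THREAD_OUTPUT='List of active MAP/Redirect filters:
rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp

List of active sessions:'

# Constructed sample (not from the thread) of a box that is redirecting.
# The session line layout and the client/server addresses are assumptions.
WORKING_OUTPUT='List of active MAP/Redirect filters:
rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp

List of active sessions:
RDR 202.91.166.3 8080 <- -> 192.0.2.10 80 [198.51.100.7 1025]'

printf '%s\n' "$THREAD_OUTPUT"  | ipnat_summary
printf '%s\n' "$WORKING_OUTPUT" | ipnat_summary
```

A "rule-loaded-no-traffic" verdict means the rule parsed and is installed, so the next thing to compare is the interface it names against the interface on which port 80 traffic actually arrives.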
