My colleague and I have been racking our brains on this for the last
week with no success.
We're pretty sure we've got everything setup correctly on the router as
it is seeing the cache
server and everything setup correctly on squid as it is listening and
processing requests just
fine. Perhaps our problem is in the bridge between the two on our
FreeBSD system but we're
having no luck pinning it down. Here's what we've got so far from
various devices:
FROM THE ROUTER:
ip wccp version 1
ip wccp web-cache
.
.
interface FastEthernet0/0
ip address 10.0.0.254 255.255.0.0
.
.
interface Serial0/0
ip address 10.254.254.254 255.255.255.252
ip wccp web-cache redirect out
on completing show ip wccp:
Global WCCP information:
Router information:
Router Identifier: 10.254.254.254
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1133
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
WCCP Cache-Engine information:
Web Cache ID: 0.0.0.0
Protocol Version: 0.4
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 343
Connect Time: 3d19h
-------------
As you can see, it sees our cache server (which is 10.0.0.14) and it's
redirecting packets - so I'm thinking it's all setup correctly here.
When you set yourself to surf through squid you can surf out to the
internet fine - however when you allow yourself to just be handled by
the router, you are unable to surf.
SETUP ON SQUID SERVER:
in the kernel:
options IPFIREWALL
pseudo-device gre
in the /etc/rc.firewall:
/sbin/ipfw -f flush
/sbin/ipfw add 49 allow tcp from 10.0.0.14 to any
/sbin/ipfw add 50 fwd 127.0.0.1,3128 tcp from 10.0.0.0/16 to any 80 via
gre0 in
completed at startup:
ifconfig gre0 create
ifconfig gre0 10.0.0.14 10.20.30.40 netmask 255.255.255.255 link1 tunnel
10.0.0.14 10.0.0.254 up
in squid.conf:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 10.0.0.254
wccp_version 4
--------
No requests are being sent to squid (which is in fact listening on 3128)
As I said we're able to surf the net by manually pointing the browser
over to 10.0.0.14,3128 but nothing is working.
We've also tried different versions of creating the gre tunnel from
other articles posted all over the internet with no luck.
Any thoughts into this would be much appreciated. If there is anything
here I missed, feel free to suggest it over and I'll tell you if we've
tried it or not.
Thanks,
Travis
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.F-Secure.com/
Received on Tue Jun 15 2004 - 11:20:36 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT