Re: [squid-users] Problem with WCCP on OpenBSD

----- Original Message -----
From: "Raphael Maseko" <ralph@zamnet.zm>
To: "'Eric J Merkel'" <merkel@metalink.net>; "'Squid'"
<squid-users@squid-cache.org>
Sent: Tuesday, December 07, 2004 12:28 AM
Subject: RE: [squid-users] Problem with WCCP on OpenBSD

> Hi Eric,
> I have never worked with OpenBSD but a lot with FreeBSD. Is your OpenBSD
> using a standard GRE or you have had to "patch" it in? I experienced
> something very similar to what you have described on FreeBSD 4.9 and 4.10
> when I tried to implement WCCP. I must ad that this used o work fine on
> previous versions where we had to put in a patch. I could not get round it
> despite following different sets of instructions and the "gre man" on my
> system. In fact I had to fallback on LINUX to get my WCCP working.
>
> Ralph
>

Well, I was really hoping to not have to fall back to linux. I really
believe my problem has something to do with the GRE tunnel. I enabled a
kernel option net.inet.gre.wccp=1 which I believe is all I need. When I had
just net.inet.gre.allow turned on, I was getting port 47 unreachable. I saw
several posts on Google talking about a patch for FreeBSD but no word of
such a one for OpenBSD.

If I set the browser proxy to port 80 on the squid box, the redirection to
port 3128 is working as well. This is what has lead me to believe it has to
be an issue with the GRE encapsulation/unencapsulation. I am not that
familiar with GRE so I wasn't sure if I needed a gre0 interface enabled on
my system or if I needed to create a tunnel between the router and my squid
box.

Any other thoughts of things to try before I punt and load linux?

Eric

> -----Original Message-----
> From: Eric J Merkel [mailto:merkel@metalink.net]
> Sent: Monday, December 06, 2004 10:14 PM
> To: Squid
> Subject: [squid-users] Problem with WCCP on OpenBSD
>
> I just loaded squid-2.5.STABLE7 on an OpenBSD 3.6 machine. Squid seems to
> be
>
> working fine when I setup a browser proxy directly to port 3128. However,
> I
> am attempting to setup WCCP on the Cisco router(IOS 12.2) to redirect web
> traffic to the Squid cache and have run into a bit of a problem.
>
> The Cisco shows the squid cache is available and is communication with all
> the normal HERE_I_AM/I_SEE_YOU messages. The WCCP counters are
> incrementing
> when I try to hit a web site and I see the router is redirecting packets
> to
> the cache but the access.log does not show the requests making it to
> Squid.
>
> I am assuming that my port 80->3128 redirection or the GRE
> un-encapsulation
> is not happening right.
>
> Here is my PF translation rule:
> rdr on fxp0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128
>
> I do have "net.inet.ip.forwarding=1" and "net.inet.gre.wccp=1" set. I have
> compiled squid with the "enable-pf-transparent" option.
>
> Here is a short snippet from a tcpdump of the router when trying to access
> a
>
> web site via WCCP.
>
> 15:03:08.951713 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64
> 15:03:19.140050 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52
> 15:03:19.141997 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64
> 15:03:20.131678 gre-proto-0x883e (gre encap)
> 15:03:23.128623 gre-proto-0x883e (gre encap)
> 15:03:29.138911 gre-proto-0x883e (gre encap)
> 15:03:29.160045 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52
> 15:03:29.161871 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64
>
> Anyone, have any idea what I missed or am doing wrong?
>
> Thanks in advance!
>
> ===
> Eric Merkel
> MetaLINK Technologies, Inc
Received on Tue Dec 07 2004 - 06:27:53 MST