Re: [squid-users] HTTPS & transparent proxy

From: Daniel EPEE LEA <epeelea@dont-contact.us>
Date: Fri, 10 Mar 2006 17:36:44 -0800

Hello,

I added a GRE tunnel and nothing; it still won't work.
-----------
Router#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier: router.33
        Protocol Version: 1.0

    Service Identifier: web-cache
        Number of Cache Engines: 1
        Number of routers: 1
        Total Packets Redirected: 312520
        Process: 306237
        Fast: 0
        CEF: 6283
        Redirect access-list: -none-
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0
Router#
---------------------------
These are my interfaces

2: bond0: <BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue
    link/ether 00:11:0a:55:53:44 brd ff:ff:ff:ff:ff:ff
    inet cache.45/27 brd cache.63 scope global bond0
    inet6 fe80::200:ff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 00:11:0a:55:53:44 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::211:aff:fe55:5344/64 scope link
       valid_lft forever preferred_lft forever

6: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
    link/gre 0.0.0.0 brd 0.0.0.0
    inet 172.16.1.6/30 brd 172.16.1.7 scope global gre0
7: gre1@bond0: <POINTOPOINT,NOARP> mtu 1476 qdisc noop
    link/gre cache.45 peer router.33
[root@cache network-scripts]# iptunnel
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
gre0: gre/ip remote any local any ttl inherit nopmtudisc
gre1: gre/ip remote router.33 local cache.45 dev bond0 ttl inherit
[root@cache network-scripts]#

On 3/10/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> Fri 2006-03-10 at 16:54 -0800, Daniel EPEE LEA wrote:
>
> > 1- Loaded ip_gre module in the kernel ( I didn't use ip_wccp module)
>
> Did you also create the needed GRE tunnel on the linux box? If not
> ip_gre won't know what to do with the received GRE packets carrying the
> redirected traffic..
>
> the purpose of this gre tunnel is access control, authorizing the router
> to send encapsulated packets via the Linux box in this manner.
>
>
> > Chain PREROUTING (policy ACCEPT)
> > target prot opt source destination
> > REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> > dpt:80 redir ports 3128
>
> You should probably add a few rules above this accepting traffic to the
> server itself. Not strictly needed, but makes life a little saner if you
> intend to run a web server there for cachemgr.cgi, proxy.pac or
> whatever..
>
> > 3- My /etc/sysctl.conf
> > # Controls IP packet forwarding
> > net.ipv4.ip_forward = 1
>
> Ok.
>
> > # Controls source route verification
> > net.ipv4.conf.default.rp_filter = 0
>
> Ok.
>
> > I can see through tcpdump -i bond0 port 2048
> > that all the http packets going outside my network are sent by the
> > router to the squid server, but they are not processed by squid.
> > access.log is empty.
>
> port 2048 is just the WCCP control channel where the proxy and router
> agrees on what the traffic should be redirected. The actual redirection
> is done using a form of GRE.
>
> Regards
> Henrik
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.1 (GNU/Linux)
>
> iD8DBQBEEiEo516QwDnMM9sRAubOAJ9BSqc7yrLXVqpPBMCY4gWBxacEJACeNTaV
> hYd4fxKTmi+aXYRB3CrYTLY=
> =r7Lx
> -----END PGP SIGNATURE-----
>
>
>
Received on Fri Mar 10 2006 - 18:36:45 MST
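A check worth running against the listing posted above, as an added example that is not code from the thread or from Squid: in `ip link` output a GRE tunnel that exists but has not been brought up shows a flag list without `UP` and `qdisc noop` (the gre1 line in the message has exactly that shape), and the kernel will not hand the router's GRE-encapsulated redirects to it. The script below parses such a listing to report whether a tunnel is up, down or missing, and prints (rather than runs) the commands that create and enable a tunnel matching the `iptunnel` line shown and steer port-80 traffic arriving through it to Squid on 3128. The function names, the interface name gre1, the placeholder addresses passed to `wccp_tunnel_commands`, the per-interface rp_filter line and the shape of the iptables rules are assumptions; the sample listing is constructed from the lines in the message.

```shell
#!/bin/sh
# Added example for the squid-users thread; not the poster's or Squid's code.
# Assumptions: function names, tunnel name gre1, the addresses given on the
# command line, and the conventional Squid transparent-proxy iptables rules.

# gre_link_flags IFNAME TEXT
#   Prints the <...> flag list of IFNAME from `ip link show` output in TEXT,
#   e.g. "POINTOPOINT,NOARP".  Prints nothing if IFNAME is not listed.
gre_link_flags() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $2 ~ /:$/ {                 # header line: "7: gre1@bond0: <FLAGS> ..."
            name = $2
            sub(/:$/, "", name)     # drop the trailing colon
            sub(/@.*/, "", name)    # drop the "@bond0" parent-device suffix
            if (name == want) {
                flags = $3
                gsub(/[<>]/, "", flags)
                print flags
                exit
            }
        }'
}

# gre_is_up IFNAME TEXT
#   Returns 0 if the UP flag is set, 1 if the interface is listed but down,
#   2 if it does not appear in the listing at all.
gre_is_up() {
    flags=$(gre_link_flags "$1" "$2")
    [ -n "$flags" ] || return 2
    case ",$flags," in
        *,UP,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# wccp_tunnel_report IFNAME TEXT -> prints "up", "down" or "missing".
wccp_tunnel_report() {
    rc=0
    gre_is_up "$1" "$2" || rc=$?
    case $rc in
        0) echo up ;;
        1) echo down ;;
        *) echo missing ;;
    esac
}

# wccp_tunnel_commands ROUTER CACHE DEV
#   Prints the commands that create the tunnel the iptunnel line in the
#   message describes, bring it UP, disable reverse-path filtering on it
#   (redirected packets carry client source addresses), accept port-80
#   traffic addressed to the cache box itself, and redirect the rest to
#   Squid.  Printed so it can be reviewed; pipe into sh as root to apply.
wccp_tunnel_commands() {
    router=$1; cache=$2; dev=$3
    cat <<EOF
ip tunnel add gre1 mode gre remote $router local $cache dev $dev
ip link set gre1 up
sysctl -w net.ipv4.conf.gre1.rp_filter=0
iptables -t nat -A PREROUTING -d $cache -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i gre1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}

# Constructed sample: the interface listing from the message, trimmed.
SAMPLE_IP_LINK='2: bond0: <BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue
    link/ether 00:11:0a:55:53:44 brd ff:ff:ff:ff:ff:ff
6: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
    link/gre 0.0.0.0 brd 0.0.0.0
7: gre1@bond0: <POINTOPOINT,NOARP> mtu 1476 qdisc noop
    link/gre cache.45 peer router.33'

for ifname in bond0 gre0 gre1; do
    echo "$ifname: $(wccp_tunnel_report "$ifname" "$SAMPLE_IP_LINK")"
done
```

On a live box replace the sample with `$(ip link show)`; `gre1: down` is the condition to look for before touching Squid or the router, since `ip tunnel add` alone leaves the interface down until `ip link set gre1 up`.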

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST