Re: [squid-users] Transparent caching problem

From: Ryan Sumida <rsumida@dont-contact.us>
Date: Tue, 14 Mar 2006 17:38:18 -0800

I had a similar problem using CentOS 4. My problem turned out to be the
default Redhat iptables rules. Squid would work if I pointed my browser
to it but for some reason WCCP redirected packets would not get processed.
I turned off the iptables service and then added the redirect rule. Works
fine now but I'm not sure why. I'll figure it out later.

Ryan

"Kamel A. Baba" <kamelbaba@ameritech.net>
03/14/2006 02:35 PM

To: squid-users@squid-cache.org
cc: Kamel Baba <kamelbaba@ameritech.net>
Subject: [squid-users] Transparent caching problem

Hi,

This is kind of driving me crazy. I've been trying to
get transparent caching to work for the last 2 days
without success.

I am only posting to get help after I read so much on
this and I think I quite understand what needs to be
done but still DG/SQUID do not see the traffic.

Ok, so I have a RHEL ES 4 box running DansGuardian and
Squid. DG listening on 8080 and squid on 3128. I have
a Cisco 3640 with wccp enabled. Router can see the
cache and traffic redirection on the router is working
fine and it gets all the way to the DG/squid box and
is actually being decapsulated (can see that through
ethereal). I am using the ip_wccp mod.
I also have the required iptables rule in place to
redirect traffic to DG port 8080.
Here's the output of iptables -t nat -L:
Chain PREROUTING (policy ACCEPT)
target     prot opt source      destination
REDIRECT   tcp  --  anywhere    anywhere     tcp dpt:http redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

If I manually set up my browser to point directly to
DG:8080, everything works nicely, which tells me DG and
squid are able to work together ok in both directions.
I think the problem is somehow traffic is not getting
redirected to port 8080 after being decapsulated.
Any ideas why?

I have ip forwarding enabled. Also, here are the
relevant settings of DG:
filterip = 127.0.0.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128

and squid:
http_port 3128
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 80.246.48.1
wccp_version 4

from the router:
LOLROUTER#show ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier: 80.246.49.5
        Protocol Version: 1.0

    Service Identifier: web-cache
        Number of Cache Engines: 1
        Number of routers: 1
        Total Packets Redirected: 1478790
        Redirect access-list: www
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0

LOLROUTER#show ip wccp web-cache detail
WCCP Cache-Engine information:
        Web Cache ID: 0.0.0.0
        Protocol Version: 0.4
        State: Usable
        Initial Hash Info:  00000000000000000000000000000000
                            00000000000000000000000000000000
        Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                            FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment: 256 (100.00%)
        Packets Redirected: 219
        Connect Time: 01:56:26

Any help is much appreciated.

Thanks,
Kamel
Received on Tue Mar 14 2006 - 18:38:21 MST
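
A check that fits the symptom described in this thread, added here as an example and not written by either poster: WCCP-redirected traffic reaches the cache as GRE (IP protocol 47) and, once decapsulated and redirected, as TCP to port 8080, and both packets have to pass the filter table's INPUT chain, which `iptables -t nat -L` does not show. The ruleset below is constructed in the style of a stock Red Hat filter table, the GRE source is assumed to be the `wccp_router` address, 192.0.2.10 is a made-up client, and the matcher is simplified (only `-p`, `-i`, `-s`, `--dport` and `--state`; no negation or port ranges).

```python
import ipaddress

# Constructed sample in the style of a stock Red Hat filter table (not from the thread).
SAMPLE = """\
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
LAST = "-A RH-Firewall-1-INPUT -j REJECT"
# Same table with GRE from the router and TCP 8080 accepted ahead of the final REJECT.
FIXED = SAMPLE.replace(LAST,
    "-A RH-Firewall-1-INPUT -s 80.246.48.1 -p 47 -j ACCEPT\n"
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT\n" + LAST)
PROTO_NUM = {"gre": "47", "tcp": "6"}

def walk(ruleset, chain, proto, src, dport, iface):
    """First-match walk of one chain; returns a verdict, or None to fall through."""
    for line in ruleset.splitlines():
        r = line.split()
        if len(r) < 2 or r[0] != "-A" or r[1] != chain:
            continue
        opt = {r[i]: r[i + 1] for i in range(2, len(r) - 1) if r[i].startswith("-")}
        net = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        # Model the first packet of a flow, which conntrack classifies as NEW.
        states = opt.get("--state", "NEW").split(",")
        if (opt.get("-p", proto) not in (proto, PROTO_NUM[proto], "all")
                or opt.get("-i", iface) != iface
                or ipaddress.ip_address(src) not in net
                or opt.get("--dport", str(dport)) != str(dport)
                or "NEW" not in states):
            continue
        target = opt.get("-j", "")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        verdict = walk(ruleset, target, proto, src, dport, iface)  # user-defined chain
        if verdict:
            return verdict
    return None

def input_verdict(ruleset, proto, src, dport=None, iface="eth0"):
    """Verdict of filter INPUT for one inbound packet, falling back to the chain policy."""
    policy = next(l.split()[1] for l in ruleset.splitlines() if l.startswith(":INPUT "))
    return walk(ruleset, "INPUT", proto, src, dport, iface) or policy
```

Feed it the filter-table portion of `iptables-save` output from the cache host in place of `SAMPLE`; a `REJECT` or `DROP` for either packet means the filter table stops the traffic before the NAT redirect can deliver it to DansGuardian.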
