RE: [squid-users] WCCPv2 current instructions?

Thanks for all the help! I was able to get this up & running. My
setup, by the way, uses the new Cisco ASA5510 firewall for WCCP.
I am down to one issue at the moment, and I'm hoping for a little bit
more help. I've experienced a few times that certain websites (like
Ebay auctions) have problems. I can access most things on the site, but
certain functions just die horribly in timeout-land. When I put the
settings directly into the browser, I have no problem, but when running
transparent using WCCP I have this problem. My daughter also pointed
out (quickly) that she can't log in to MySpace (not a bad thing in my
opinion for her, but I'd still like to know why). Any idea where I can
start looking? Could this be an MTU issue? Thanks!
Shaun

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Saturday, September 16, 2006 3:11 AM
To: Shaun Skillin (home)
Cc: Squid Users
Subject: RE: [squid-users] WCCPv2 current instructions?

fre 2006-09-15 klockan 22:57 -0600 skrev Shaun Skillin (home):

> I'm afraid I must still be missing something... according to the FAQ
you
> referenced (thank you by the way), the <Host-IP> should be used for
the
> eth0 and the wccp0 interface, which of course it doesn't like to do.

Yes, and it works fine. There is no problem to have the same IP on many
interfaces.

> I used 1.2.3.4/32 for the wccp0 interface.

A few things works better if the wccp interface has the same IP.

> I see a redirected SYN packet arrive from the router to the Squid that
> is GRE encapsulated. Then I see the SYN packet (not in GRE tunnel)
sent
> to its gateway, but it is using the IP address of the original sender,
> not the Squid (however it does use the MAC of the Squid).

Then your firewall iptables rules is not set proper.

Regards
Henrik
Received on Wed Sep 20 2006 - 08:08:12 MDT