Re: [squid-users] WCCP / no return traffic on gre interface from Chad Harrelson on 2007-05-09 (squid-users)

From: Chad Harrelson <coinflasher@dont-contact.us>
Date: Wed, 9 May 2007 15:27:17 -0400

Wow. Thanks Henrik! This is the command that got it going:
echo 0 >/proc/sys/net/ipv4/conf/gre1/rp_filter

I thought for sure that I had run across documentation that told me to
enable rp_filter. Oh, it's working now. Now on the WCCPv2....

When I try enabling version 2 I get the following error while sniffing
my external interface:

15:17:12.108896 IP 150.125.125.185 > 150.125.127.142: ICMP
150.125.125.185 protocol 47 port 34878 unreachable, length 84

(150.125.127.142 is the automatic router ID that is displayed under: sh ip wccp)

The only that has changed in squid is commenting out wccp_router
150.125.125.186 and adding the following lines:
wccp2_router 150.125.125.186
#wccp2_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000

Any thoughts?

Thanks again,

-- Chad
On 5/9/07, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> ons 2007-05-09 klockan 08:48 -0400 skrev Chad Harrelson:
> > Hello list,
> > I am still battling WCCP... My ultimate goal is to get WCCPv2
> > functioning properly on a RHEL5 box (squid-2.6.STABLE6-3.el5)
> > 2.6.18-8.el5xen -- connected to a Cisco 7600 (with SUP 720) ISO
> > 12.2(18). Since I am having no luck with WCCPv2 I have been using v1.
> > I have gotten as far as seeing http traffic leaving my gre interface
> > but I do not see that same traffic on eth0 (my external interface) and
> > of course the packets do not reach the destination. Here are my
> > relavant configs:
> >
> > modprobe ip_gre
> > iptunnel add gre1 mode gre remote 150.125.125.186 local
> > 150.125.125.185 dev eth0
> > ifconfig gre1 150.125.125.187 netmask 255.255.255.248 up (I have
> > tried many variations on IP addresses here. Having a real routable IP
> > is the only I can avoid seeing ICMP proto 47 unreachable errors on
> > eth0)
>
> You also need to disable rp_filter, and set up iptables interception
> rules. See the FAQ.
>
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-a7fed84c39e23407b93737da0815d1e6ed926a4f
>
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-935dbe4ef8ea8e21c1e04cc7753a09095c0d8285
>
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-1baf52754892d9355e3aa292dd70d96d74608b9b
>
> Regards
> Henrik
>
>
Received on Wed May 09 2007 - 13:27:21 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT