RE: [squid-users] wccp working config example from Nuno Silva on 2008-09-10 (squid-users)

From: Nuno Silva <nsilva_at_acss.min-saude.pt>
Date: Wed, 10 Sep 2008 15:13:39 +0100

Amos.

Thank you very much, it started working, i was missing the 'iptables -t
nat -A POSTROUTING -j MASQUERADE'... what is the purpose of that?

And regarding the output of iptables -t filter -L *:

iptables: No chain/target/match by that name

Should the output be other?

Best regards and many many many many many many many thanks!
Nuno Silva

-----Mensagem original-----
De: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Enviada: quarta-feira, 10 de Setembro de 2008 9:41
Para: Nuno Silva
Cc: Dan Letkeman; squid-users
Assunto: Re: [squid-users] wccp working config example

Nuno Silva wrote:
> Hi there Dan.
>
>
>
> I'm having the same problem, i have read many diferent 'recipes' to
put
> wcccpv2 working on squid, but nothing yet.
>
> In all posts I read, i done everything, ipforward set to 1, gre
tunnel,
> iptables, and the only thing I can see is the browser message saying
> that the server is taking too long to respond
>
>
>
> router#*sh ip wccp*
>
> Global WCCP information:
>
> Router information:
>
> Router Identifier: 194.xxx.xxx.xxx
>
> Protocol Version: 2.0
>
>
>
> Service Identifier: web-cache
>
> Number of Cache Engines: 1
>
> Number of routers: 1
>
> *_Total Packets Redirected: 1168_*
>
> Redirect access-list: wccp-redirect
>
> Total Packets Denied Redirect: 51649
>
> Total Packets Unassigned: 11
>
> Group access-list: -none-
>
> Total Messages Denied to Group: 0
>
> Total Authentication failures: 0
>
> Total Bypassed Packets Received: 0
>
>
>
> When the packets start to be redirect to the squid, I start getting
> delays...the the failing message L
>
>
>
> On the Squid side, monitoring the gre1 tunnel, I can see incoming
traffic:
>
>
>
> gre1 Link encap:UNSPEC HWaddr
> C2-41-97-F9-00-00-00-00-00-00-00-00-00-00-00-00
>
> inet addr:127.0.0.2 P-t-P:127.0.0.2 Mask:255.255.255.255
>
> UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
>
> *RX packets:38903* errors:0 dropped:0 overruns:0 frame:0
>
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>
> collisions:0 txqueuelen:0
>
> *RX bytes:5151686* (4.9 MiB) TX bytes:0 (0.0 b)
>
>
>
>
>
> *squid:/home/pp# iptables -t nat -L*
>
> Chain PREROUTING (policy ACCEPT)
>
> target prot opt source destination
>
> REDIRECT tcp -- anywhere anywhere tcp
dpt:www
> redir ports 3128
>
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:webcache redir ports 3128
>
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:8000 redir ports 3128
>
>
>
> Chain POSTROUTING (policy ACCEPT)
>
> target prot opt source destination
>
>
>
> Chain OUTPUT (policy ACCEPT)
>
> target prot opt source destination
>
>
>

Try adding this to iptables:

iptables -t nat -A POSTROUTING -j MASQUERADE

also what is the status of these as relating to web traffic to/from
squid:
iptables -t filter -L *

Thing to look out for in Nuno's problem is traffic from the squid box
being redirected back at itself anywhere down the chain. In squid box
iptables and also the cisco box.

Amos

>
>
>
> I need held to find out what's wrong!
>
> Router info:
>
> IOS Software, 7200 Software (C7200-P-M), Version 12.2(25)S5, RELEASE
> SOFTWARE (fc1)
>
>
>
>
>
>
>
>
>
>
>
>
>
> -----Mensagem original-----
> De: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Enviada: quarta-feira, 10 de Setembro de 2008 3:48
> Para: Dan Letkeman
> Cc: squid-users
> Assunto: Re: [squid-users] wccp working config example
>
>
>
> > Hello,
>
> >
>
> > I have spent all day working on trying to get a working wccp config
>
> > with squid and a 2811 router running (C2800NM-ADVENTERPRISEK9-M),
>
> > Version 12.4(21)
>
> >
>
> > I have had it working before with a 2621 router running a 12.3 ios.
>
> >
>
> > I have read about 20 different posts/blogs with various different
>
> > instructions. If anyone has any configuration example or
instruction
>
> > list that is complete for a certain version of squid/linux/ios I
would
>
> > like to give it a try.
>
>
>
> WCCP is a little tricky as there are three parts to the config and all
>
> three are completely interchangeable depending on the hardware and
squid
>
> release involved.
>
>
>
> We are building a section in the config examples wiki pages to help
>
> though. http://wiki.squid-cache.org/ConfigExamples/Intercept
>
> The two pieces currently there already for WCCPv2 combine to a working
>
> config Cisco->FreeBSD for reference. Some older examples not yet
checked
>
> and cleaned up are in http://wiki.squid-cache.org/ConfigExamples with
Wccp
>
> in their names.
>
>
>
> If you get the config for your router going I'd be interested in
adding
>
> the bits for future reference.
>
>
>
> Amos
>
>
>
>
>
>
>
>
>
> No virus found in this incoming message.
>
> Checked by AVG - http://www.avg.com
>
> Version: 8.0.169 / Virus Database: 270.6.19/1663 - Release Date:
> 09-09-2008 19:04
>

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE8
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.6.19/1663 - Release Date:
09-09-2008 19:04

Received on Wed Sep 10 2008 - 14:10:02 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 10 2008 - 12:00:03 MDT