Re: [squid-users] transparent proxy not working!! any advice?

From: Regardt van de Vyver <squid_at_vdvyver.net>
Date: Mon, 05 Jan 2009 00:46:53 +0200

Roland Roland wrote:
> Hello,
> the output of the debugging is as such:
>
>
>
> *Jan 4 23:16:43.205: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183: service not active
> *Jan 4 23:16:43.205: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183: service not active
>
> what service is that?!
>
>
>
> --------------------------------------------------
> From: "Regardt van de Vyver" <squid_at_vdvyver.net>
> Sent: Sunday, January 04, 2009 9:33 PM
> Cc: <squid-users_at_squid-cache.org>
> Subject: Re: [squid-users] transparent proxy not working!! any advice?
>
>> Roland Roland wrote:
>>> i've just created a new box with the following options:
>>> but wccp with router is still not working!
>>> any advice?
>>>
>>>
>>> using centos 5.2
>>> and squid 2.6
>>> firewall enabled
>>> SElinux permissive
>>> -------------------------------------------------------
>>> done the following:
>>>
>>> yum update yum
>>>
>>> yum install squid
>>>
>>> squid -z
>>> -------------------------------------------------------
>>> gedit /etc/rc.d/init.d/rc.local
>>>
>>> #added:
>>> modprobe ip_gre
>>> ifconfig gre0 192.168.0.183 netmask 255.255.255.0 up
>>> #this is the same ip as my eth0
>>>
>>> ----------------------------------------------------
>>> gedit /etc/sysconfig/iptables
>>>
>>> #added:
>>> -A INPUT -i gre0 -j ACCEPT
>>> -A INPUT -i gre0 -j ACCEPT
>>> -A INPUT -p gre -j ACCEPT
>>> #my routers lan interface 192.168.0.1
>>> -A RH-Firewall-1-INPUT -s 192.168.0.1/24 -p udp -m udp --dport 2048 -j ACCEPT
>>> -------------------------------------------------------
>>> service iptables condrestart
>>> --------------------------------------------------------
>>> gedit /etc/squid/squid.conf
>>>
>>> #edited/added the following:
>>> http_port 80 transparent
>>> http_access allow all
>>> wccp2_router 192.168.0.1
>>> wccp_version 4
>>> wccp2_rebuild_wait on
>>> wccp2_forwarding_method 1
>>> wccp2_return_method 1
>>> wccp2_assignment_method 1
>>> wccp2_service dynamic 80
>>> wccp2_service dynamic 90
>>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>>> ----------------------------------------------------------
>>> Cisco router 2811 side:
>>>
>>> conf t
>>> ip wccp version 2
>>> ip wccp web-cache
>>>
>>> int f0/1 (Lan interface)
>>> ip wccp 80 redirect in
>>> ip wccp 90 redirect out
>>> ----------------------------------------------------------
>>> service squid restart
>>>
>>> then sh ip wccp on router gave me all hits as 0 no hits from squid to
>>> router!!
>>> ----------------------------------------------------------
>>>
>>> service iptables status
>>>
>>> [root_at_localhost ~]# service iptables status
>>> Table: filter
>>> Chain INPUT (policy ACCEPT)
>>> num target prot opt source destination
>>> 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>>> 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> 4 ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> num target prot opt source destination
>>> 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> num target prot opt source destination
>>>
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> num target prot opt source destination
>>> 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
>>> 3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
>>> 4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
>>> 5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
>>> 6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
>>> 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
>>> 8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
>>> 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
>>> 10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
>>> 11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5900
>>> 12 ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp dpt:2048
>>> 13 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>>>
>>>
>>> ---------------------------------------------------------------------------
>>>
>>>
>>>
>>> lsmod:
>>>
>>> Module Size Used by
>>> ip_conntrack_netbios_ns 6977 0
>>> xt_state 6209 4
>>> ip_conntrack 53025 2 ip_conntrack_netbios_ns,xt_state
>>> nfnetlink 10713 1 ip_conntrack
>>> iptable_filter 7105 1
>>> ip_tables 17029 1 iptable_filter
>>> ip6table_filter 6849 1
>>> ip6_tables 18053 1 ip6table_filter
>>> nls_utf8 6208 1
>>> ip_gre 16737 0
>>> autofs4 24517 2
>>> hidp 23105 2
>>> rfcomm 42457 0
>>> l2cap 29505 10 hidp,rfcomm
>>> bluetooth 53797 5 hidp,rfcomm,l2cap
>>> sunrpc 144893 1
>>> ipt_REJECT 9537 1
>>> ip6t_REJECT 9409 1
>>> xt_tcpudp 7105 15
>>> x_tables 17349 6 xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
>>> dm_multipath 22089 0
>>> video 21193 0
>>> sbs 18533 0
>>> backlight 10049 1 video
>>> i2c_ec 9025 1 sbs
>>> button 10705 0
>>> battery 13637 0
>>> asus_acpi 19289 0
>>> ac 9157 0
>>> ipv6 258273 17 ip6t_REJECT
>>> xfrm_nalgo 13765 1 ipv6
>>> crypto_api 11969 1 xfrm_nalgo
>>> lp 15849 0
>>> floppy 57125 0
>>> i2c_piix4 12237 0
>>> pcnet32 35141 0
>>> pcspkr 7105 0
>>> i2c_core 23745 2 i2c_ec,i2c_piix4
>>> mii 9409 1 pcnet32
>>> ide_cd 40033 1
>>> cdrom 36705 1 ide_cd
>>> parport_pc 29157 1
>>> serio_raw 10693 0
>>> parport 37513 2 lp,parport_pc
>>> dm_snapshot 21477 0
>>> dm_zero 6209 0
>>> dm_mirror 29125 0
>>> dm_mod 61405 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
>>> ata_piix 22341 0
>>> libata 143997 1 ata_piix
>>> sd_mod 24897 0
>>> scsi_mod 134605 2 libata,sd_mod
>>> ext3 123593 2
>>> jbd 56553 1 ext3
>>> uhci_hcd 25421 0
>>> ohci_hcd 23261 0
>>> ehci_hcd 33357 0
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> ifconfig:
>>>
>>> [root_at_localhost ~]# ifconfig
>>> eth0 Link encap:Ethernet HWaddr 00:0C:29:F8:D0:AF
>>> inet addr:192.168.0.183 Bcast:192.168.0.255 Mask:255.255.255.0
>>> inet6 addr: fe80::20c:29ff:fef8:d0af/64 Scope:Link
>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>> RX packets:29956 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:11948 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:3673892 (3.5 MiB) TX bytes:7234153 (6.8 MiB)
>>> Interrupt:169 Base address:0x2000
>>>
>>> gre0 Link encap:UNSPEC HWaddr 00-00-00-00-B2-BF-68-33-00-00-00-00-00-00-00-00
>>> inet addr:192.168.0.183 Mask:255.255.255.0
>>> UP RUNNING NOARP MTU:1476 Metric:1
>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:0
>>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>>>
>>> lo Link encap:Local Loopback
>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>> inet6 addr: ::1/128 Scope:Host
>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>>> RX packets:2926 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:2926 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:0
>>> RX bytes:3257748 (3.1 MiB) TX bytes:3257748 (3.1 MiB)
>>>
>>> -------------------------------------------------------------------------------
>>>
>>>
>>>
>> Hi Roland,
>>
>> Have you had a look at the WCCP debugging messages on the Cisco?
>> eg. on the cisco
>> debug ip wccp events
>> debug ip wccp packets
>> terminal monitor
>>
>> That should give you some indication of wccp activity, also what does
>> "sh ip wccp web-cache detail" show?
>>
>> Regardt
>>
>>
>
Hi Roland,

Off the bat I'd guess it's a missing
"ip wccp 80" and a "ip wccp 90" on the Cisco.

Also, just rechecking your config I'm wondering about missing /proc bits
as per:
http://wiki.squid-cache.org/ConfigExamples/MultiplePortsWithWccp2

Regardt
Received on Sun Jan 04 2009 - 22:48:10 MST
