Re: [squid-users] transparent proxy not working!! any advice?

From: <R_O_L_A_N_D_at_hotmail.com>
Date: Mon, 5 Jan 2009 16:43:41 +0200

Hello,
actually I have both of them set on the LAN interface (am I mistaken to set the
"redirect out" on the LAN interface? Should I be setting it on the interface
facing the internet?)

ip wccp 80 redirect in
ip wccp 90 redirect out

as for the wiki provided, I fail to see what's missing!
obviously there is something, but I'm not detecting it!

--------------------------------------------------
From: "Regardt van de Vyver" <squid_at_vdvyver.net>
Sent: Monday, January 05, 2009 12:46 AM
Cc: <squid-users_at_squid-cache.org>
Subject: Re: [squid-users] transparent proxy not working!! any advice?

> Roland Roland wrote:
>> Hello,
>> the output of the debugging is as such:
>>
>>
>>
>> *Jan 4 23:16:43.205: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183:
>> service not active
>> *Jan 4 23:16:43.205: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183:
>> service not active
>>
>> what service is that?!
>>
>>
>>
>> --------------------------------------------------
>> From: "Regardt van de Vyver" <squid_at_vdvyver.net>
>> Sent: Sunday, January 04, 2009 9:33 PM
>> Cc: <squid-users_at_squid-cache.org>
>> Subject: Re: [squid-users] transparent proxy not working!! any advice?
>>
>>> Roland Roland wrote:
>>>> i've just created a new box with the following options:
>>>> but wccp with router is still not working!
>>>> any advice?
>>>>
>>>>
>>>> using centos 5.2
>>>> and squid 2.6
>>>> firewall enabled
>>>> SElinux permissive
>>>> -------------------------------------------------------
>>>> done the following:
>>>>
>>>> yum update yum
>>>>
>>>> yum install squid
>>>>
>>>> squid -z
>>>> -------------------------------------------------------
>>>> gedit /etc/rc.d/init.d/rc.local
>>>>
>>>> #added:
>>>> modprobe ip_gre
>>>> ifconfig gre0 192.168.0.183 netmask 255.255.255.0 up
>>>> #this is the same ip as my eth0
>>>>
>>>> ----------------------------------------------------
>>>> gedit /etc/sysconfig/iptables
>>>>
>>>> #added:
>>>> -A INPUT -i gre0 -j ACCEPT
>>>> -A INPUT -i gre0 -j ACCEPT
>>>> -A INPUT -p gre -j ACCEPT
>>>> #my routers lan interface 192.168.0.1
>>>> -A RH-Firewall-1-INPUT -s 192.168.0.1/24 -p udp -m udp --dport 2048 -j ACCEPT
>>>> -------------------------------------------------------
>>>> service iptables condrestart
>>>> --------------------------------------------------------
>>>> gedit /etc/squid/squid.conf
>>>>
>>>> #edited/added the following:
>>>> http_port 80 transparent
>>>> http_access allow all
>>>> wccp2_router 192.168.0.1
>>>> wccp_version 4
>>>> wccp2_rebuild_wait on
>>>> wccp2_forwarding_method 1
>>>> wccp2_return_method 1
>>>> wccp2_assignment_method 1
>>>> wccp2_service dynamic 80
>>>> wccp2_service dynamic 90
>>>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>>>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>>>> ----------------------------------------------------------
>>>> Cisco router 2811 side:
>>>>
>>>> conf t
>>>> ip wccp version 2
>>>> ip wccp web-cache
>>>>
>>>> int f0/1 (Lan interface)
>>>> ip wccp 80 redirect in
>>>> ip wccp 90 redirect out
>>>> ----------------------------------------------------------
>>>> service squid restart
>>>>
>>>> then sh ip wccp on router gave me all hits as 0 no hits from squid to
>>>> router!!
>>>> ----------------------------------------------------------
>>>>
>>>> service iptables status
>>>>
>>>> [root_at_localhost ~]# service iptables status
>>>> Table: filter
>>>> Chain INPUT (policy ACCEPT)
>>>> num target prot opt source destination
>>>> 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>>>> 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>>> 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>>> 4 ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
>>>>
>>>> Chain FORWARD (policy ACCEPT)
>>>> num target prot opt source destination
>>>> 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>>>>
>>>> Chain OUTPUT (policy ACCEPT)
>>>> num target prot opt source destination
>>>>
>>>> Chain RH-Firewall-1-INPUT (2 references)
>>>> num target prot opt source destination
>>>> 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>>> 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
>>>> 3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
>>>> 4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
>>>> 5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
>>>> 6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
>>>> 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
>>>> 8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
>>>> 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
>>>> 10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
>>>> 11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5900
>>>> 12 ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp dpt:2048
>>>> 13 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>>>>
>>>>
>>>> ---------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> lsmod:
>>>>
>>>> Module Size Used by
>>>> ip_conntrack_netbios_ns 6977 0
>>>> xt_state 6209 4
>>>> ip_conntrack 53025 2 ip_conntrack_netbios_ns,xt_state
>>>> nfnetlink 10713 1 ip_conntrack
>>>> iptable_filter 7105 1
>>>> ip_tables 17029 1 iptable_filter
>>>> ip6table_filter 6849 1
>>>> ip6_tables 18053 1 ip6table_filter
>>>> nls_utf8 6208 1
>>>> ip_gre 16737 0
>>>> autofs4 24517 2
>>>> hidp 23105 2
>>>> rfcomm 42457 0
>>>> l2cap 29505 10 hidp,rfcomm
>>>> bluetooth 53797 5 hidp,rfcomm,l2cap
>>>> sunrpc 144893 1
>>>> ipt_REJECT 9537 1
>>>> ip6t_REJECT 9409 1
>>>> xt_tcpudp 7105 15
>>>> x_tables 17349 6 xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
>>>> dm_multipath 22089 0
>>>> video 21193 0
>>>> sbs 18533 0
>>>> backlight 10049 1 video
>>>> i2c_ec 9025 1 sbs
>>>> button 10705 0
>>>> battery 13637 0
>>>> asus_acpi 19289 0
>>>> ac 9157 0
>>>> ipv6 258273 17 ip6t_REJECT
>>>> xfrm_nalgo 13765 1 ipv6
>>>> crypto_api 11969 1 xfrm_nalgo
>>>> lp 15849 0
>>>> floppy 57125 0
>>>> i2c_piix4 12237 0
>>>> pcnet32 35141 0
>>>> pcspkr 7105 0
>>>> i2c_core 23745 2 i2c_ec,i2c_piix4
>>>> mii 9409 1 pcnet32
>>>> ide_cd 40033 1
>>>> cdrom 36705 1 ide_cd
>>>> parport_pc 29157 1
>>>> serio_raw 10693 0
>>>> parport 37513 2 lp,parport_pc
>>>> dm_snapshot 21477 0
>>>> dm_zero 6209 0
>>>> dm_mirror 29125 0
>>>> dm_mod 61405 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
>>>> ata_piix 22341 0
>>>> libata 143997 1 ata_piix
>>>> sd_mod 24897 0
>>>> scsi_mod 134605 2 libata,sd_mod
>>>> ext3 123593 2
>>>> jbd 56553 1 ext3
>>>> uhci_hcd 25421 0
>>>> ohci_hcd 23261 0
>>>> ehci_hcd 33357 0
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> ifconfig:
>>>>
>>>> [root_at_localhost ~]# ifconfig
>>>> eth0 Link encap:Ethernet HWaddr 00:0C:29:F8:D0:AF
>>>> inet addr:192.168.0.183 Bcast:192.168.0.255 Mask:255.255.255.0
>>>> inet6 addr: fe80::20c:29ff:fef8:d0af/64 Scope:Link
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:29956 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:11948 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:1000
>>>> RX bytes:3673892 (3.5 MiB) TX bytes:7234153 (6.8 MiB)
>>>> Interrupt:169 Base address:0x2000
>>>>
>>>> gre0 Link encap:UNSPEC HWaddr 00-00-00-00-B2-BF-68-33-00-00-00-00-00-00-00-00
>>>> inet addr:192.168.0.183 Mask:255.255.255.0
>>>> UP RUNNING NOARP MTU:1476 Metric:1
>>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>>>>
>>>> lo Link encap:Local Loopback
>>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>>> inet6 addr: ::1/128 Scope:Host
>>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>>>> RX packets:2926 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:2926 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes:3257748 (3.1 MiB) TX bytes:3257748 (3.1 MiB)
>>>>
>>>> -------------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>> Hi Roland,
>>>
>>> Have you had a look at the WCCP debugging messages on the Cisco?
>>> eg. on the cisco
>>> debug ip wccp events
>>> debug ip wccp packets
>>> terminal monitor
>>>
>>> That should give you some indication of wccp activity, also what does
>>> "sh ip wccp web-cache detail" show?
>>>
>>> Regardt
>>>
>>>
>>
> Hi Roland,
>
> Off the bat I'd guess it's a missing
> "ip wccp 80" and a "ip wccp 90" on the Cisco.
>
> Also, just rechecking your config I'm wondering about missing /proc bits
> as per:
> http://wiki.squid-cache.org/ConfigExamples/MultiplePortsWithWccp2
>
> Regardt
>
>
Received on Mon Jan 05 2009 - 14:43:55 MST
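
The mismatch suspected in the thread (Squid announces dynamic service groups 80 and 90, while the router config shows only "ip wccp web-cache" globally plus the two interface redirects) can be checked mechanically. The script below is an added example, not part of the original messages and not Squid or Cisco code; the function names and the condensed config strings are constructed for illustration, and it assumes that "wccp2_service standard 0" corresponds to the router's web-cache service.

```python
import re

# Constructed inputs, condensed from the configs quoted in the thread.
SQUID_CONF = """wccp2_router 192.168.0.1
wccp2_service dynamic 80
wccp2_service dynamic 90
"""
ROUTER_CONF = """ip wccp version 2
ip wccp web-cache
interface FastEthernet0/1
 ip wccp 80 redirect in
 ip wccp 90 redirect out
"""

def squid_services(conf):
    """Service-group IDs that Squid will announce to the router."""
    ids = set()
    for line in conf.splitlines():
        m = re.match(r"\s*wccp2_service\s+(standard|dynamic)\s+(\d+)", line)
        if m:
            # Assumption: 'standard 0' is the web-cache service group.
            ids.add("web-cache" if m.groups() == ("standard", "0") else m.group(2))
    return ids

def router_services(conf):
    """Return (IDs enabled globally, {ID: [interface redirect directions]})."""
    enabled, redirects = set(), {}
    for line in conf.splitlines():
        m = re.match(r"\s*ip wccp (web-cache|\d+)\b(.*)", line)
        if not m:
            continue  # e.g. 'ip wccp version 2' names no service group
        sid, rest = m.groups()
        direction = re.match(r"\s+redirect\s+(in|out)\b", rest)
        if direction:
            redirects.setdefault(sid, []).append(direction.group(1))
        else:
            enabled.add(sid)
    return enabled, redirects

def check(squid_conf, router_conf):
    """List service groups on which the cache and the router disagree."""
    announced = squid_services(squid_conf)
    enabled, redirects = router_services(router_conf)
    findings = [f"{s}: announced by Squid, no global 'ip wccp {s}' on router"
                for s in sorted(announced - enabled)]
    findings += [f"{s}: redirected on an interface, not announced by Squid"
                 for s in sorted(set(redirects) - announced)]
    findings += [f"{s}: enabled on router, not announced by Squid"
                 for s in sorted(enabled - announced)]
    return findings

if __name__ == "__main__":
    print("\n".join(check(SQUID_CONF, ROUTER_CONF)))
```

Run against the configs as posted, it reports groups 80 and 90 as announced but not enabled globally, the same two groups named in the "service not active" debug lines.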
