[squid-users] Connection time out error with tproxy

From: <viveksnv_at_aol.in>
Date: Wed, 14 Jan 2009 04:55:59 -0500

Amos,

Thanks again for your reply.

We have configured squid + Tproxy + WCCP and the client ip is redirected to
the web server, but the browser shows a connection timeout (110) error and
it takes a long time even to display this error message. The access.log
shows a long timestamp value.

The forward log shows the request has been forwarded. Squid works perfectly
fine when configured as a transparent proxy.

We need your valuable advice and, if possible, can you point out a few
areas where the problems are likely to arise.

Thanks,
vk

viveksnv_at_aol.in wrote:

> Amos,
>
> Thanks for your reply.
>
> Sorry, we are not using TPROXY but cttproxy 2.6.20-2.0.6, iptables 1.3.8
> and linux kernel 2.6.20.21.
> Cisco IOS 2800 Ver 12.4 (13b)
>
> WCCP+Transparent proxy works good. Tproxy without wccp works well by not
> revealing the server ip and only displaying the client ip. But once the
> wccp is enabled with tproxy, the server ip is revealed instead of the
> client ip.
>
> Please scroll down below to check our previous mails.
>
> Any suggestions please.

Other than checking your squid is built with --enable-linux-tproxy, none
from me sorry.

cttproxy was obsolete and officially unsupported before I ever heard of it.

Amos

>
> VK
>
> -----Original Message-----
> From: Amos Jeffries <squid3_at_treenet.co.nz>
> To: Ritter, Nicholas <Nicholas.Ritter_at_americantv.com>
> Cc: viveksnv_at_aol.in; squid-users_at_squid-cache.org
> Sent: Sat, 10 Jan 2009 8:06 am
> Subject: Re: [squid-users] Re: WCCP configuration
>
> Ritter, Nicholas wrote:
>> With TProxy, I think you need to use Squid3-HEAD to reliably fix your
>> issue....Amos would know for sure.
>>
>> Nick
>
> Yes. Squid-2.* has no support for TPROXY v4.1+
>
> 3.1.0.3 or later is needed. Which is at least an RC beta now, more
> stable than pure 3.HEAD alpha code.
>
> Also the squid.conf and configure details have changed.
> http://wiki.squid-cache.org/Features/Tproxy4
>
> Amos
>
>> ________________________________
>>
>> From: viveksnv_at_aol.in [mailto:viveksnv_at_aol.in]
>> Sent: Fri 1/9/2009 8:39 AM
>> To: henrik_at_henriknordstrom.net
>> Cc: squid-users_at_squid-cache.org; squid3_at_treenet.co.nz
>> Subject: [squid-users] Re: WCCP configuration
>>
>> Hi,
>>
>> Thanks for the reply. It did help us solve the problem.
>>
>> But there is a new issue.
>>
>> We have configured as squid+tproxy. The squid ip is not displayed and
>> only the client ip is displayed when we do the proxy test. But after
>> configuring wccp we find that the server ip is displayed in the proxy
>> test instead of the client ip.
>>
>> We also find that the http request is pathetically slow.
>>
>> squid.conf
>>
>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>> wccp2_service dynamic 90
>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>>
>> http_port 3128 transparent tproxy
>>
>> iptable:
>> /usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128
>>
>> We created a gre tunnel based on the router identifier.
>>
>> wccp2_router xx.xx.xxx.xx (ip of router interface connected to squid machine)
>>
>> The following command is assigned at the router interface connected to
>> the lan.
>> ip wccp 80 redirect in
>> ip wccp 90 redirect out
>>
>> Following command at the router interface connected to squid.
>> ip wccp redirect exclude in
>>
>> Router : Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(13b)
>> Kernel : linux-2.6.20.21
>> IPtable : iptables-1.3.8
>> Os Ver : squid-2.7 Stable 5
>>

>> #lsmod
>>
>> ip_gre            19616  0
>> iptable_filter    11136  0
>> ipt_TPROXY        11136  1
>> ipt_REDIRECT      10624  0
>> xt_tcpudp         11904  1
>> reiserfs         235144  5
>> iptable_tproxy    23036  2 ipt_TPROXY
>> iptable_nat       15492  1 iptable_tproxy
>> ip_nat            24620  3 ipt_REDIRECT,iptable_tproxy,iptable_nat
>> ip_tables         25448  3 iptable_filter,iptable_tproxy,iptable_nat
>> x_tables          23560  5 ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables
>> ip_conntrack      53400  3 iptable_tproxy,iptable_nat,ip_nat
>>

>> The internet works, but the browsing is dead slow. Temporarily we have
>> bypassed squid to browse the net.
>>
>> Thanks
>> VK
>>
>> -----Original Message-----
>> From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
>> To: viveksnv_at_aol.in
>> Cc: squid3_at_treenet.co.nz; squid-users_at_squid-cache.org
>> Sent: Thu, 8 Jan 2009 12:05 am
>> Subject: Re: WCCP configuration
>>
>> On Wed 2009-01-07 at 08:46 -0500, viveksnv_at_aol.in wrote:
>>
>>> wccp2_router xxx.xx.xxx.xxx
>>> wccp_version 4
>>> wccp2_forwarding_method 1
>>> wccp2_return_method 1
>>> wccp2_assignment_method 1
>>> wccp2_service dynamic 80
>>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>>> wccp2_service dynamic 90
>>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>>>
>>> Router Eth0 - connected to lan. Eth1 - connected to squid.
>>
>> Have you also configured
>>
>> * A loopback address on the router, giving it an easily identified
>>   router ID
>>
>> * the required GRE/WCCP tunnel interface on the Squid server
>>
>> * disabled rp_filter on the above GRE/WCCP interface.
>>
>> * And adjusted the REDIRECT/NAT rules to act on traffic received on the
>>   GRE/WCCP interface configured above?
>>
>>> Service Identifier: web-cache
>>> Number of Service Group Clients: 1
>>> Number of Service Group Routers: 1
>>> Total Packets s/w Redirected: 11336
>>> Process: 0
>>> Fast: 0
>>> CEF: 11336
>>
>> Looks fine.
>>
>>> Is there any simple way of configuring WCCP. We have been beating round
>>> the bush all day long to configure wccp.
>>
>> WCCP as such is configured. But something is missing in the interception
>> at the proxy. Most likely the GRE interface mentioned above.
>>
>> Regards
>> Henrik
>>
>> ________________________________________________________________________
>> You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
>
> --
> Please be using
>   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
>   Current Beta Squid 3.1.0.3
>

--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
  Current Beta Squid 3.1.0.3
Received on Wed Jan 14 2009 - 09:56:57 MST
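
The proxy-side items in Henrik's checklist quoted above (tunnel interface present, rp_filter off on it, the interception rule matching traffic that arrives on it) can be audited with a small script. This is an added example, not code from the thread or from the Squid project; the function names and the `root` parameter are hypothetical, and the check that `--on-port` agrees with the tproxy `http_port` is an extra consistency test that the thread does not list.

```shell
#!/bin/sh
# Added example. root is "/" on the live Squid box, or a constructed tree for testing.

# rp_filter value for an interface, or "missing" if it has no sysctl entry.
rp_filter_of() {  # $1=root  $2=interface
    f="$1/proc/sys/net/ipv4/conf/$2/rp_filter"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# Value following a flag (e.g. -i, --on-port) in one iptables rule line.
rule_arg() {  # $1=rule text  $2=flag
    printf '%s\n' "$1" | awk -v flag="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == flag) { print $(i + 1); exit } }'
}

# Port of the http_port line that carries the tproxy option.
squid_tproxy_port() {  # $1=squid.conf path
    awk '$1 == "http_port" && / tproxy/ { n = split($2, a, ":"); print a[n]; exit }' "$1"
}

# Returns 0 only if every proxy-side item checks out.
audit_wccp_tproxy() {  # $1=root  $2=GRE interface  $3=squid.conf  $4=rule text
    rc=0
    rp=$(rp_filter_of "$1" "$2")
    case "$rp" in
        0)       echo "ok:   rp_filter is off on $2" ;;
        missing) echo "FAIL: no interface $2 (GRE tunnel not created?)"; rc=1 ;;
        *)       echo "FAIL: rp_filter=$rp on $2, set it to 0"; rc=1 ;;
    esac
    in_if=$(rule_arg "$4" -i)
    if [ "$in_if" = "$2" ]; then echo "ok:   rule matches traffic arriving on $2"
    else echo "FAIL: rule matches -i '$in_if', tunnel is $2"; rc=1; fi
    port=$(rule_arg "$4" --on-port)
    want=$(squid_tproxy_port "$3")
    if [ -n "$want" ] && [ "$port" = "$want" ]; then echo "ok:   --on-port $port matches http_port"
    else echo "FAIL: --on-port '$port' but tproxy http_port is '$want'"; rc=1; fi
    return "$rc"
}

# Constructed demo: fake tree with rp_filter left on; config lines as in the thread.
demo() {
    d=$(mktemp -d); mkdir -p "$d/proc/sys/net/ipv4/conf/wccp"
    echo 1 > "$d/proc/sys/net/ipv4/conf/wccp/rp_filter"
    echo 'http_port 3128 transparent tproxy' > "$d/squid.conf"
    audit_wccp_tproxy "$d" wccp "$d/squid.conf" \
        'iptables -t tproxy -A PREROUTING -i wccp -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128'
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || true
```

On a live host, pass `/` as the root, the real tunnel interface name, the path to squid.conf and the rule line as it was entered.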

This archive was generated by hypermail 2.2.0 : Wed Jan 14 2009 - 12:00:03 MST