Re: [squid-users] Connection time out error with tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 14 Jan 2009 23:22:28 +1300

viveksnv_at_aol.in wrote:
>
> Amos,
>
> Thanks again for your reply.
>
>
> We have configured squid + Tproxy + WCCP and client ip is redirected to
> the web server, but browser shows a connection timeout (110) error and it
> takes a long time even to display this error message. The access.log
> shows long timestamp value.
>
> forward log shows the request has been forwarded. Squid works perfectly
> fine when configured as transparent proxy.

Aha. Check MTUs. This type of forwarded and no reply issue is usually
seen on links where MTU-discovery is broken.
It may be that there are ICMP info packets being sent to the client
instead of Squid.

Amos

>
> We need your valuable advice and if possible can you point out few areas
> where are all the possibilities for the problems to arise.
>
> Thanks,
> vk
>
> viveksnv_at_aol.in wrote:
>> Amos,
>>
>> Thanks for your reply.
>>
>> Sorry, we are not using TPROXY but cttproxy 2.6.20-2.0.6, iptables 1.3.8
>> and linux kernel 2.6.20.21.
>> Cisco IOS 2800 Ver 12.4 (13b)
>>
>> WCCP+Transparent proxy works good. Tproxy without wccp works well by not
>> revealing the server ip and only displaying the client ip. But once the
>> wccp is enabled with tproxy, the server ip is revealed instead of the
>> client ip.
>>
>> Please scroll down below to check our previous mails.
>>
>> Any suggestions please.
>
> Other than checking your squid is built with --enable-linux-tproxy, none
> from me sorry.
>
> cttproxy was obsolete and officially unsupported before I ever heard of it.
>
> Amos
>
>> VK
>>
>> -----Original Message-----
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> To: Ritter, Nicholas <Nicholas.Ritter_at_americantv.com>
>> Cc: viveksnv_at_aol.in; squid-users_at_squid-cache.org
>> Sent: Sat, 10 Jan 2009 8:06 am
>> Subject: Re: [squid-users] Re: WCCP configuration
>>
>> Ritter, Nicholas wrote:
>>> With TProxy, I think you need to use Squid3-HEAD to reliably fix your
>>> issue....Amos would know for sure.
>>>
>>> Nick
>>
>> Yes. Squid-2.* has no support for TPROXY v4.1+
>>
>> 3.1.0.3 or later is needed. Which is at least an RC beta now, more
>> stable than pure 3.HEAD alpha code.
>>
>> Also the squid.conf and configure details have changed.
>> http://wiki.squid-cache.org/Features/Tproxy4
>>
>> Amos
>>
>>> ________________________________
>>>
>>> From: viveksnv_at_aol.in [mailto:viveksnv_at_aol.in]
>>> Sent: Fri 1/9/2009 8:39 AM
>>> To: henrik_at_henriknordstrom.net
>>> Cc: squid-users_at_squid-cache.org; squid3_at_treenet.co.nz
>>> Subject: [squid-users] Re: WCCP configuration
>>>
>>> Hi,
>>>
>>> Thanks for the reply. It did help us solve the problem.
>>>
>>> But there is a new issue.
>>>
>>> We have configured as squid+tproxy. The squid ip is not displayed and
>>> only the client ip is displayed when we do the proxy test. But after
>>> configuring wccp we find that the server ip is displayed in the proxy
>>> test instead of the client ip.
>>>
>>> We also find that the http request is pathetically slow.
>>>
>>> squid.conf
>>>
>>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>>> wccp2_service dynamic 90
>>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>>>
>>> http_port 3128 transparent tproxy
>>>
>>> iptable:
>>> /usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128
>>>
>>> We created a gre tunnel based on the router identifier.
>>>
>>> wccp2_router xx.xx.xxx.xx (ip of router interface connected to squid machine)
>>>
>>> The following command is assigned at the router interface connected to
>>> the lan.
>>> ip wccp 80 redirect in
>>> ip wccp 90 redirect out
>>>
>>> Following command at the router interface connected to squid.
>>> ip wccp redirect exclude in
>>>
>>> Router : Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(13b)
>>> Kernel : linux-2.6.20.21
>>> IPtable : iptables-1.3.8
>>> Os Ver : squid-2.7 Stable 5
>>>
>>> #lsmod
>>>
>>> ip_gre 19616 0
>>> iptable_filter 11136 0
>>> ipt_TPROXY 11136 1
>>> ipt_REDIRECT 10624 0
>>> xt_tcpudp 11904 1
>>> reiserfs 235144 5
>>> iptable_tproxy 23036 2 ipt_TPROXY
>>> iptable_nat 15492 1 iptable_tproxy
>>> ip_nat 24620 3 ipt_REDIRECT,iptable_tproxy,iptable_nat
>>> ip_tables 25448 3 iptable_filter,iptable_tproxy,iptable_nat
>>> x_tables 23560 5 ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables
>>> ip_conntrack 53400 3 iptable_tproxy,iptable_nat,ip_nat
>>>
>>> The internet works, but the browsing is dead slow. Temporarily we have
>>> bypassed squid to browse the net.
>>>
>>> Thanks
>>> VK
>>>
>>> -----Original Message-----
>>> From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
>>> To: viveksnv_at_aol.in
>>> Cc: squid3_at_treenet.co.nz; squid-users_at_squid-cache.org
>>> Sent: Thu, 8 Jan 2009 12:05 am
>>> Subject: Re: WCCP configuration
>>>
>>> On Wed 2009-01-07 at 08:46 -0500, viveksnv_at_aol.in wrote:
>>>
>>>> wccp2_router xxx.xx.xxx.xxx
>>>> wccp_version 4
>>>> wccp2_forwarding_method 1
>>>> wccp2_return_method 1
>>>> wccp2_assignment_method 1
>>>> wccp2_service dynamic 80
>>>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>>>> wccp2_service dynamic 90
>>>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>>>>
>>>> Router Eth0 - connected to lan. Eth1 - connected to squid.
>>>
>>> Have you also configured
>>>
>>> * A loopback address on the router, giving it an easily identified router ID
>>>
>>> * the required GRE/WCCP tunnel interface on the Squid server
>>>
>>> * disabled rp_filter on the above GRE/WCCP interface.
>>>
>>> * And adjusted the REDIRECT/NAT rules to act on traffic received on the
>>> GRE/WCCP interface configured above?
>>>
>>>> Service Identifier: web-cache
>>>> Number of Service Group Clients: 1
>>>> Number of Service Group Routers: 1
>>>> Total Packets s/w Redirected: 11336
>>>> Process: 0
>>>> Fast: 0
>>>> CEF: 11336
>>>
>>> Looks fine.
>>>
>>>> Is there any simple way of configuring WCCP. We have been beating round the
>>>> bush all day long to configure wccp.
>>>
>>> WCCP as such is configured. But something is missing in the interception
>>> at the proxy. Most likely the GRE interface mentioned above.
>>>
>>> Regards
>>> Henrik
>>
>> --
>> Please be using
>>
>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
>>
>> Current Beta Squid 3.1.0.3

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
   Current Beta Squid 3.1.0.3
Received on Wed Jan 14 2009 - 10:24:01 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 14 2009 - 12:00:03 MST
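
An added example, not part of the original thread or of Squid: a read-only audit of the Squid host for two items raised above, the rp_filter setting on the GRE/WCCP interface from Henrik's checklist and the MTU check Amos suggests. The interface name `wccp` is taken from the iptables rule quoted in the thread; `eth0`, the `ROOT` parameter and the sample tree are assumptions, and the 28-byte overhead is the outer IPv4 header plus the GRE header plus the WCCPv2 redirect header.

```shell
#!/bin/sh
# Added example: audit the WCCP/GRE interception interface on a Squid host.
# ROOT is a hypothetical parameter so the checks can run against a copied or
# constructed /proc and /sys tree; pass "" to inspect the live system.
WCCP_GRE_OVERHEAD=28   # outer IPv4 (20) + GRE (4) + WCCPv2 redirect header (4)

read_val() {           # print a file's contents, or "missing" if unreadable
    if [ -r "$1" ]; then cat "$1"; else echo missing; fi
}

audit_wccp_if() {      # usage: audit_wccp_if ROOT TUNNEL_IF PHYSICAL_IF
    root=$1; tun=$2; phys=$3
    if [ ! -d "$root/sys/class/net/$tun" ]; then
        echo "FAIL no-gre-interface $tun"
        return 0
    fi
    # Current kernels apply the higher of conf/all and the per-interface value,
    # so both must be 0 for reverse-path filtering to be off on the tunnel.
    for scope in all "$tun"; do
        v=$(read_val "$root/proc/sys/net/ipv4/conf/$scope/rp_filter")
        [ "$v" = 0 ] || echo "FAIL rp_filter $scope=$v"
    done
    # Largest redirected packet that fits the router-to-Squid link unfragmented.
    mtu=$(read_val "$root/sys/class/net/$phys/mtu")
    case $mtu in
        ''|*[!0-9]*) echo "FAIL mtu-unreadable $phys" ;;
        *) inner=$((mtu - WCCP_GRE_OVERHEAD))
           echo "INFO max-inner-packet=$inner max-tcp-mss=$((inner - 40))" ;;
    esac
}

# Constructed sample tree standing in for /proc and /sys (not real host data).
make_sample() {        # usage: make_sample DIR TUNNEL_RP_FILTER
    mkdir -p "$1/proc/sys/net/ipv4/conf/all" "$1/proc/sys/net/ipv4/conf/wccp" \
             "$1/sys/class/net/wccp" "$1/sys/class/net/eth0"
    echo 0 > "$1/proc/sys/net/ipv4/conf/all/rp_filter"
    echo "$2" > "$1/proc/sys/net/ipv4/conf/wccp/rp_filter"
    echo 1500 > "$1/sys/class/net/eth0/mtu"
}

demo=$(mktemp -d)
make_sample "$demo" 1
audit_wccp_if "$demo" wccp eth0
rm -rf "$demo"
```

With a 1500-byte link, a full-size packet redirected by the router no longer fits once encapsulated, which is the situation where broken MTU discovery produces the forwarded-but-no-reply symptom described in the reply.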