[squid-users] squid + wccp from Ramzi Abdallah on 2009-02-08 (squid-users)

From: Ramzi Abdallah <ramzi.abdallah_at_gmail.com>
Date: Sun, 8 Feb 2009 13:43:03 +0200

I am trying with no luck to setup squid Version 3.0.STABLE10 (Fedora core 9)
with wccp2. The configuration seems to be ok at least this is what the debug
logs are showing however squid does not receive any traffic. I tested squid
by pointing the browser to its IP and it works fine.

GRE tunnel and iptables configuration:
--------------------------------------
ip tunnel add wccp0 mode gre remote 192.168.114.250 local 192.168.114.15 dev
eth0
ip addr add 192.168.114.15/32 dev wccp0
ip link set wccp0 up

iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT
--to-port 3128

for some reason iptables -L is not showing anything

[root_at_mail ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

squid configuration:
-------------------
http_port 192.168.114.15:3128 transparent
wccp2_router 192.168.114.250
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0

GRE tunnel on the squid server
-------------------------------
wccp0 Link encap:UNSPEC HWaddr
C0-A8-72-0F-62-00-F4-3F-00-00-00-00-00-00-00-00
          inet addr:192.168.114.15 P-t-P:192.168.114.15
Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
          RX packets:898 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36632 (35.7 KiB) TX bytes:0 (0.0 b)

tcpdump output
--------------
[root_at_mail ~]# tcpdump -i wccp0
tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to
cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wccp0, link-type LINUX_SLL (Linux cooked), capture size 96
bytes
12:55:08.548572 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:11.528111 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:17.530878 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,nop,sackOK>
12:55:29.537282 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:32.530428 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:38.535350 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,nop,sackOK>
12:55:50.547796 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:53.558196 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:59.580059 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,nop,sackOK>
12:56:11.576625 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:56:14.587049 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>

Cisco Router configuration
--------------------------
gatekeeper#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE
SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Wed 15-Mar-06 14:16 by dchih
Image text-base: 0x80008098, data-base: 0x81A0888C

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE
(fc3)

gatekeeper uptime is 10 hours, 43 minutes
System returned to ROM by reload at 02:43:47 GMT Sun Feb 8 2009
System restarted at 02:46:30 GMT Sun Feb 8 2009
System image file is "flash:c2600-ik9o3s3-mz.123-18.bin"

interface FastEthernet0/0
description Office LAN
ip address 192.168.114.250 255.255.255.0
ip wccp web-cache redirect in
ip nat inside
ip nbar protocol-discovery
ip route-cache flow
duplex auto
speed auto

gatekeeper#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier: 192.168.114.250
        Protocol Version: 2.0

    Service Identifier: web-cache
        Number of Cache Engines: 1
        Number of routers: 1
        Total Packets Redirected: 30
        Redirect access-list: -none-
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0

----
gatekeeper#sh ip wccp web-cache detail
WCCP Cache-Engine information:
        Web Cache ID:          192.168.114.15
        Protocol Version:      2.0
        State:                 Usable
        Initial Hash Info:     00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:        256 (100.00%)
        Packets Redirected:    30
        Connect Time:          04:21:48
Router wccp debug
.Feb  7 21:11:09.541: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000377
.Feb  7 21:11:19.550: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000377
.Feb  7 21:11:19.550: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000378
.Feb  7 21:11:29.558: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000378
.Feb  7 21:11:29.558: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000379
.Feb  7 21:11:39.567: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000379
.Feb  7 21:11:39.567: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 0000037A
.Feb  7 21:11:49.575: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 0000037A
.Feb  7 21:11:49.579: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 0000037B
.Feb  7 21:11:59.588: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 0000037B
.Feb  7 21:11:59.588: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 0000037C
Any help is greatly appreciated
Ramzi

Received on Sun Feb 08 2009 - 11:43:29 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 08 2009 - 12:00:02 MST