RE: [squid-users] squid + wccp

From: Ramzi Abdallah <ramzi.abdallah_at_gmail.com>
Date: Sun, 8 Feb 2009 16:15:35 +0200

Thanks david still no luck

From: David Rodríguez Fernández [mailto:davidrf_at_gmail.com]
Sent: Sunday, February 08, 2009 3:17 PM
To: Amos Jeffries
Cc: rabdallah_at_pobox.com; squid-users_at_squid-cache.org
Subject: Re: [squid-users] squid + wccp

Try this:
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT
--to-destination 127.0.0.1:3128

On Sun, Feb 8, 2009 at 1:39 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
Ramzi Abdallah wrote:
I am trying with no luck to setup squid Version 3.0.STABLE10 (Fedora core 9)
with wccp2. The configuration seems to be ok at least this is what the debug
logs are showing however squid does not receive any traffic. I tested squid
by pointing the browser to its IP and it works fine.

GRE tunnel and iptables configuration:
--------------------------------------
ip tunnel add wccp0 mode gre remote 192.168.114.250 local 192.168.114.15 dev
eth0
ip addr add 192.168.114.15/32 dev wccp0
ip link set wccp0 up

iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT
--to-port 3128

for some reason iptables -L is not showing anything

iptables by default shows "-t filter"

try: iptables -t nat -L

squid configuration:
-------------------
http_port 192.168.114.15:3128 transparent
wccp2_router 192.168.114.250
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0

GRE tunnel on the squid server
-------------------------------
wccp0     Link encap:UNSPEC  HWaddr
C0-A8-72-0F-62-00-F4-3F-00-00-00-00-00-00-00-00
         inet addr:192.168.114.15  P-t-P:192.168.114.15
Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
         RX packets:898 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:36632 (35.7 KiB)  TX bytes:0 (0.0 b)

tcpdump output
--------------
[root_at_mail ~]# tcpdump -i wccp0
tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to
cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wccp0, link-type LINUX_SLL (Linux cooked), capture size 96
bytes
12:55:08.548572 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:11.528111 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:17.530878 IP 192.168.114.24.58324 > 216.239.59.99.http: S
1289957374:1289957374(0) win 8192 <mss 1460,nop,nop,sackOK>
12:55:29.537282 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:32.530428 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:38.535350 IP 192.168.114.24.58325 > 216.239.59.103.http: S
3738044508:3738044508(0) win 8192 <mss 1460,nop,nop,sackOK>
12:55:50.547796 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:53.558196 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:55:59.580059 IP 192.168.114.24.58326 > 216.239.59.104.http: S
1946578578:1946578578(0) win 8192 <mss 1460,nop,nop,sackOK>
12:56:11.576625 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
12:56:14.587049 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>

Cisco Router configuration
--------------------------
gatekeeper#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE
SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Wed 15-Mar-06 14:16 by dchih
Image text-base: 0x80008098, data-base: 0x81A0888C

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE
(fc3)

gatekeeper uptime is 10 hours, 43 minutes
System returned to ROM by reload at 02:43:47 GMT Sun Feb 8 2009
System restarted at 02:46:30 GMT Sun Feb 8 2009
System image file is "flash:c2600-ik9o3s3-mz.123-18.bin"

interface FastEthernet0/0
 description Office LAN
 ip address 192.168.114.250 255.255.255.0
 ip wccp web-cache redirect in
 ip nat inside
 ip nbar protocol-discovery
 ip route-cache flow
 duplex auto
 speed auto

gatekeeper#sh ip wccp
Global WCCP information:
   Router information:
       Router Identifier:                   192.168.114.250
       Protocol Version:                    2.0

   Service Identifier: web-cache
       Number of Cache Engines:             1
       Number of routers:                   1
       Total Packets Redirected:            30
       Redirect access-list:                -none-
       Total Packets Denied Redirect:       0
       Total Packets Unassigned:            0
       Group access-list:                   -none-
       Total Messages Denied to Group:      0
       Total Authentication failures:       0

----
gatekeeper#sh ip wccp web-cache detail
WCCP Cache-Engine information:
       Web Cache ID:          192.168.114.15
       Protocol Version:      2.0
       State:                 Usable
       Initial Hash Info:     00000000000000000000000000000000
                              00000000000000000000000000000000
       Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                              FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
       Hash Allotment:        256 (100.00%)
       Packets Redirected:    30
       Connect Time:          04:21:48
Router wccp debug
.Feb  7 21:11:09.541: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000377
.Feb  7 21:11:19.550: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000377
.Feb  7 21:11:19.550: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000378
.Feb  7 21:11:29.558: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000378
.Feb  7 21:11:29.558: WCCP-PKT:S00: Sending I_See_You packet to
192.168.114.15 w/ rcv_id 00000379
.Feb  7 21:11:39.567: WCCP-PKT:S00: Received valid Here_I_Am packet from
192.168.114.15 w/rcv_id 00000379
Does the squid cache.log show anything similar?
Amos
-- 
Please be using
 Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
 Current Beta Squid 3.1.0.5
Received on Sun Feb 08 2009 - 14:15:59 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 09 2009 - 12:00:02 MST