RE: [squid-users] Problems with WCCP from Humberto Rodríguez on 2009-07-10 (squid-users)

From: Humberto Rodríguez <humberto_at_ceniai.inf.cu>
Date: Fri, 10 Jul 2009 12:32:14 -0500

Thank you so much. I forgot transparent option on http_port, I have another
old versions of squid running from long ago and it is not needed that
options.

-----Mensaje original-----
De: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Enviado el: Friday, July 10, 2009 10:02 AM
Para: Humberto Rodríguez
CC: 'Tom Penndorf'; squid-users_at_squid-cache.org
Asunto: Re: [squid-users] Problems with WCCP

Humberto Rodríguez wrote:
> Yes, I did it in my ipfw rules. I also created 2 gre interfaces for
> testing reasons, because the router identifier and the squid gateway
> are not the same.I also can see packets between the router and the
> server through gre protocol, but the squid server always show
> TCP_DENIED/400 1816 GET error:invalid-request - NONE/- text/html.

Did you remember to set the transparent or intercept option on http_port?

And what does this request headers look like that Squid is complaining
about?

Amos

> I also have installed FreeBSD 6.2-RELEASE and I use wccp v1.
> In my router ACL I deny my national traffic and permit any to any in my
last
> sentence.
>
> 00048 0 0 deny tcp from any to x.x.142.199 dst-port 3128
> 00049 0 0 allow gre from x.x.0.129 to x.x.142.199
> 00050 37687 20281343 allow tcp from x.x.142.199 to any out
> 00051 233 11168 allow tcp from any 80 to any out
> 00052 152 10796 allow gre from x.x.142.193 to x.x.142.199
> 00052 0 0 allow gre from x.x.142.199 to x.x.142.193
> 00054 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in
> recv gre1
> 00054 152 6968 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in
> recv gre0
> 00055 253 17177 allow udp from x.x.142.199 to any dst-port 53
> 00056 0 0 allow tcp from x.x.142.199 to any dst-port 53
> 00057 13322 17236149 allow tcp from any 80 to x.x.142.199 in
> 00067 8420 745002 allow tcp from any to any established
> 00068 16 932 allow ip from any to any via lo0
> 00071 549 44800 allow ip from x.x.142.199 to x.x.142.192/28
> 00072 809 102132 allow ip from x.x.142.192/28 to x.x.142.199
> 00081 0 0 allow ip from x.x.0.129 to x.x.142.199
> 00082 26 2080 allow ip from x.x.142.199 to x.x.0.129
>
> My gre-tunnels creation:
>
> ifconfig gre0 create
> ifconfig gre0 x.x.142.199 x.x.142.193 netmask 255.255.255.255 up
> ifconfig gre0 tunnel x.x.142.199 x.x.142.193
> route delete x.x.142.193
>
> ifconfig gre1 create
> ifconfig gre1 x.x.142.199 x.x.0.129 netmask 255.255.255.255 up
> ifconfig gre1 tunnel x.x.142.199 x.x.0.129
> route delete x.x.0.129
>
> Thanks In advance
> Humberto
>
> -----Mensaje original-----
> De: Tom Penndorf [mailto:tpenndorf_at_seibert-media.net]
> Enviado el: Thursday, July 09, 2009 1:19 PM
> Para: Humberto Rodríguez
> CC: squid-users_at_squid-cache.org
> Asunto: Re: [squid-users] Problems with WCCP
>
> Hello,
>
>
> Am 09.07.2009 um 19:06 schrieb Humberto Rodríguez:
>
>> Hello:
>>
>> I have SQUID 2.6.STABLE3 with wccp and a Cisco 3745 router with IOS
>> Version 12.3(8)T8. I can see packets between the router and the the
>> squid server, I can browse Internet through 3128 port, but I can't
>> browse Internet through wccp protocol.
>> The router always show me what following:
>>
>> Global WCCP information:
>> Router information:
>> Router Identifier: x.x.x.129
>> Protocol Version: 1.0
>>
>> Service Identifier: web-cache
>> Number of Cache Engines: 1
>> Number of routers: 1
>> Total Packets Redirected: 4696
>> Redirect access-list: cache
>> Total Packets Denied Redirect: 53336
>> Total Packets Unassigned: 0
>> Group access-list: -none-
>> Total Messages Denied to Group: 0
>> Total Authentication failures: 0
>> 3745-HLG#sh ip wccp web-cache de
>> 3745-HLG#sh ip wccp web-cache detail
>> WCCP Cache-Engine information:
>> Web Cache ID: 0.0.0.0
>> Protocol Version: 0.4
>> State: Usable
>> Initial Hash Info: 00000000000000000000000000000000
>> 00000000000000000000000000000000
>> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>> Hash Allotment: 256 (100.00%)
>> Packets Redirected: 0
>> Connect Time: 00:11:01
>>
>> 3745-HLG#sh ip wccp web-cache view
>> WCCP Routers Informed of:
>> -none-
>>
>> WCCP Cache Engines Visible:
>> x.x.x.199
>>
>> WCCP Cache Engines NOT Visible:
>> -none-
>>
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus
>> signature database 4228 (20090709) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>
>
> did you setup an gre-tunnel between Router and Caching-Machine? Is the
port
> 80 forwarded to 3128?
>
> Set it up on the squid machine like described in this article:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
>
> I think the router setup is ok, but also see this article:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv12Wccp
>
> Tom
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
signature
> database 4229 (20090709) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.9
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4229 (20090709) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com

Received on Fri Jul 10 2009 - 16:33:43 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 11 2009 - 12:00:02 MDT