Re: [squid-users] WCCP2 L2 redirect with Squid transparent

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Aug 2010 00:30:43 +0000

On Wed, 25 Aug 2010 15:47:18 -0700 (PDT), Shawn Wright
<swright_at_shawnigan.ca> wrote:
> Hello,
>
> I've been trying to get a transparent squid setup to work with our Cisco
> Cat 6500 MSFC layer 3 switch, which supports WCCP2 with L2 redirect (not
> GRE). I can see the traffic reaching the squid box, and using a shorewall
> redirect rule, it should be reaching squid on port 3128, but I see no
> evidence of this in squid logs.
>
> tcpdump on the squid box shows this:
>
> 14:58:00.929489 IP 10.3.5.23.2565 > 136.1.241.33.80: S 4047376542:4047376542(0) win 65535 <mss 1460,nop,nop,sackOK>
> 14:58:00.929745 IP 136.1.241.33.80 > 10.3.5.23.2565: S 2225419399:2225419399(0) ack 4047376543 win 5840 <mss 1460,nop,nop,sackOK>

Um, ACK means *something* accepted the connection and responded to the
client box. All things working that should have been Squid.

>
> 10.3.5.23 is the client using a webbrowser to hit 136.1.241.33, with no
> proxy set.
> If I enable proxy to 72.2.0.4:80, squid works correctly, which confirms
> the redirect for port 80->3128 on the squid box is working.
>
> I'd appreciate some ideas on tracking down where this traffic is going.

The usual source of this behaviour is admin overlooking the fact that the
Squid box in these setups is a router (which *happens* to only route port
80 traffic passed in by the WCCP, but still routing). It requires packet
forwarding to be working and rp_filter to be disabled.

By "I enable proxy to 72.2.0.4:80" do you mean configuring the browser to
use a proxy at 72.2.0.4:80?
Or that you configure Squid to listen on 72.2.0.4:80?

Amos
Received on Thu Aug 26 2010 - 00:30:46 MDT
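
The two kernel settings named in the reply above (packet forwarding on, rp_filter disabled) can be audited with the script below. It is an added example, not part of the original message; the function names and the interface name "eth0" are assumptions, and the sample sysctl tree is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two settings the reply names.
# Assumptions: Linux sysctl layout under /proc/sys; "eth0" is a placeholder
# for the interface that receives the WCCP L2-redirected frames.

# Effective rp_filter for an interface: current kernels use the higher of
# conf/all and conf/<iface>, so setting only one of them to 0 is not enough.
effective_rp_filter() {   # $1 = sysctl root, $2 = interface
    all=$(cat "$1/net/ipv4/conf/all/rp_filter")
    ifc=$(cat "$1/net/ipv4/conf/$2/rp_filter")
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Prints one line per finding; returns 0 only when forwarding is on and
# reverse-path filtering is effectively off for the interface.
check_wccp_host() {       # $1 = sysctl root, $2 = interface
    rc=0
    fwd=$(cat "$1/net/ipv4/ip_forward")
    if [ "$fwd" != "1" ]; then
        echo "FAIL ip_forward=$fwd (packet forwarding is off)"
        rc=1
    fi
    rp=$(effective_rp_filter "$1" "$2")
    if [ "$rp" != "0" ]; then
        echo "FAIL $2 effective rp_filter=$rp (not disabled)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $2: forwarding on, rp_filter off"
    return "$rc"
}

# Constructed sample tree so the example runs offline: $2 = ip_forward,
# $3 = conf/all/rp_filter, $4 = conf/eth0/rp_filter.
make_sample_tree() {      # $1 = directory to populate
    mkdir -p "$1/net/ipv4/conf/all" "$1/net/ipv4/conf/eth0"
    echo "$2" > "$1/net/ipv4/ip_forward"
    echo "$3" > "$1/net/ipv4/conf/all/rp_filter"
    echo "$4" > "$1/net/ipv4/conf/eth0/rp_filter"
}

demo=$(mktemp -d)
make_sample_tree "$demo" 1 1 0      # eth0 set to 0, but "all" is still 1
check_wccp_host "$demo" eth0 || true
rm -rf "$demo"
# On the real host: check_wccp_host /proc/sys eth0
```

Because the higher of the two values applies, turning rp_filter off for the WCCP-facing interface means setting conf/all to 0 as well; other interfaces can keep their own per-interface value.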
