Re: [squid-users] Squid + Cisco 4500 + WCCP2

From: Ioannis Pliatsikas <gpliats_at_ee.duth.gr>
Date: Wed, 25 Jul 2012 10:29:14 +0000

 Only 1 interface is available

 Sorry, I forgot to add that I have also configured this:

 echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
 echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
 echo 1 > /proc/sys/net/ipv4/ip_forward

 Thank you
 John

 On Wed, 25 Jul 2012 15:05:33 +0530, Indunil Jayasooriya wrote:
> On Wed, Jul 25, 2012 at 3:04 PM, Indunil Jayasooriya
> <indunil75_at_gmail.com> wrote:
>>
>>
>> Can your squid box go to the internet? (Please check the
>> /etc/resolv.conf file.)
>>
>> How many interfaces does your squid box have?
>>
>> 1 or 2 ?
>>
>> In the /etc/sysctl.conf file, please check the net.ipv4.ip_forward
>> parameter. Try to set it to one in the following manner.
>>
>> net.ipv4.ip_forward = 1
>>
>>
>>
>>
>>
>>
>> On Wed, Jul 25, 2012 at 2:13 PM, Ioannis Pliatsikas
>> <gpliats_at_ee.duth.gr>
>> wrote:
>>>
>>> Very sorry for bothering you again
>>>
>>> Although I get the redirection from the router to squid, using
>>> tcpdump (10.72.192.61 test internal address)
>>>
>>> 11:38:37.956330 IP 199.47.218.151.80 > 10.72.192.61.50690: Flags [S.], seq 1048613649, ack 1347334415, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:38.399796 IP 10.72.192.61.50697 > 199.47.218.151.80: Flags [S], seq 3043000771, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
>>> 11:38:38.399880 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:39.756353 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:41.356350 IP 176.9.44.80.80 > 10.72.192.61.50693: Flags [S.], seq 326259738, ack 1299448389, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:41.409101 IP 10.72.192.61.50697 > 199.47.218.151.80: Flags [S], seq 3043000771, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
>>> 11:38:41.409164 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:41.556343 IP 176.9.44.80.80 > 10.72.192.61.50694: Flags [S.], seq 2634200113, ack 3423797704, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:41.756336 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:41.756362 IP 209.85.148.139.80 > 10.72.192.61.50695: Flags [S.], seq 2040290141, ack 953271924, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>> 11:38:42.356340 IP 209.85.148.139.80 > 10.72.192.61.50696: Flags [S.], seq 69242255, ack 3941278742, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>>>
>>>
>>> I still can't get Linux to redirect to squid (port 8080);
>>> access.log is empty
>>>
>>> I use the following iptables
>>>
>>>
>>> -------------------------------------------------------------------------
>>> # Generated by iptables-save v1.4.12.1 on Wed Jul 25 11:36:37 2012
>>> *filter
>>> :INPUT ACCEPT [105007:140596865]
>>> :FORWARD ACCEPT [3:120]
>>> :OUTPUT ACCEPT [212743:136992211]
>>> -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
>>> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
>>> COMMIT
>>> # Completed on Wed Jul 25 11:36:37 2012
>>> # Generated by iptables-save v1.4.12.1 on Wed Jul 25 11:36:37 2012
>>> *nat
>>> :PREROUTING ACCEPT [0:0]
>>> :INPUT ACCEPT [1254:65132]
>>> :OUTPUT ACCEPT [118:7345]
>>> :POSTROUTING ACCEPT [0:0]
>>> -A PREROUTING -d $SQUID_IP -i eth0 -p tcp -j ACCEPT
>>> -A PREROUTING -s $NETWORK_SPACE -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
>>> -A POSTROUTING -j MASQUERADE
>>> COMMIT
>>> # Completed on Wed Jul 25 11:36:37 2012
>>>
>>>
>>> ---------------------------------------------------------------------------
>>>
>>> The catch is that I use L2 redirection, so source and destination is
>>> eth0, no GRE tunnel. Can it be done, or should I create a virtual
>>> device and redirect input from there?
>>>
>>>
>>> Thank you in advance
>>> John
>>
>>
>>
>>
>> --
>> Thank you
>> Indunil Jayasooriya
>>
>
>
>
> --
> Thank you
> Indunil Jayasooriya
Received on Wed Jul 25 2012 - 10:29:18 MDT
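
A triage helper for a capture like the one quoted in the message above, added here as an example (it is not code from the thread or from Squid): it groups tcpdump text lines by client/server flow and lists flows where a SYN-ACK was captured but no later packet from the client followed. The sample lines are taken from the quoted capture, unwrapped; the function names are hypothetical.

```python
import re
from collections import defaultdict

# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Sample input: lines from the capture quoted in the thread, unwrapped.
SAMPLE = """\
11:38:37.956330 IP 199.47.218.151.80 > 10.72.192.61.50690: Flags [S.], seq 1048613649, ack 1347334415, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:38:38.399796 IP 10.72.192.61.50697 > 199.47.218.151.80: Flags [S], seq 3043000771, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
11:38:38.399880 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:38:39.756353 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:38:41.409101 IP 10.72.192.61.50697 > 199.47.218.151.80: Flags [S], seq 3043000771, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
11:38:41.409164 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:38:41.756336 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.], seq 3389808826, ack 3043000772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
"""

def handshake_summary(lines, server_port=80):
    """Per (client, client_port, server) flow: SYNs, SYN-ACKs, later client packets."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "client_after": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP-over-IPv4 text line in the expected shape
        _, src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dport == server_port:                      # client -> server
            flow = flows[(src, sport, dst)]
            if flags == "S":
                flow["syn"] += 1                      # initial SYN or a retransmit
            else:
                flow["client_after"] += 1             # ACK/data: handshake moved on
        elif sport == server_port and flags == "S.":  # server -> client SYN-ACK
            flows[(dst, dport, src)]["synack"] += 1
    return dict(flows)

def stalled(flows):
    """Flows with a SYN-ACK on the wire but no follow-up packet from the client."""
    return sorted(k for k, f in flows.items()
                  if f["synack"] > 0 and f["client_after"] == 0)

if __name__ == "__main__":
    summary = handshake_summary(SAMPLE.splitlines())
    for key in stalled(summary):
        print(key, summary[key])
```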

This archive was generated by hypermail 2.2.0 : Wed Jul 25 2012 - 12:00:02 MDT