Re: [SQU] tracing wccp (yes I have read the FAQ!)

From: Gary Barnden <[email protected]>
Date: Wed, 20 Sep 2000 16:08:55 +1000

Hello

This might help you.

ip wccp version 1 <- Set Version
ip wccp web-cache redirect-list 100 <- Set Access List
!
interface Dialer0
  ip unnumbered Ethernet0/0
  ip accounting output-packets
  ip wccp redirect exclude in
  ip wccp web-cache redirect out <- redirect outing packets
!
access-list 100 deny tcp host X.X.X.1 any eq www <- primary proxy allowed
to bypass WCCP Redirects
access-list 100 deny tcp host X.X.X.2 any eq www <- secondary proxy
allowed to bypass WCCP Redirects
access-list 100 deny tcp host X.X.X.20 any eq www <- shared proxy IP
Address allowed to bypass WCCP Redirects
access-list 100 permit tcp any any eq www <- redirect all other tcp port 80
requests

The problem you are probably having is that after the Cisco hijacks the
request and redirects it to your proxy, the cisco is then hijacking the
resulting proxy request. therefore you need to allow your proxy's to bypass
WCCP

Hope that helps

At 15:17 20/09/00 +1100, you wrote:
>I have spent two weeks trying to get squid to transparently cache for my
>cisco 2511 using the wccp protocol, during which time I have read the FAQ
>about 20 times and overcome most of the hurdles. Now I am stuck. I really
>need an idea as to how I can trace where the process is failing as I am so
>close to a working setup I can taste it:
>
>Configuration details:
>Linux box: RH6.2 kernel 2.2.14-5.0
>Squid: squid-2.3.STABLE1-5
>squid.conf:
> httpd_accel_with_proxy on
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_uses_host_header on
>
>wccp.o compiled and added to modules.dep (ip_gre.o is in there as well but
>that was the default in the kernel so I left it).
>modprobe wccp.o & depmod -a -e both return no errors or unresolved
>references, indicating the module is compiled/loaded ok? (I think)
>
>forwarding and redirection enabled in kernel.
>ipchains configured for transparent forwarding from 80 to squid port (3128)
>transparent forwarding of cisco using the route-map method on int eth0 works
>just fine, so squid is configured correctly.
>(Unfortunately using this method if the squid box is unavailable then then
>web browsing is disabled, which is why I want to use wccp).
>
>Cisco:
>- int Eth0 is local LAN
>- int serial1 is hdsl connection to Internet
>
>12.0(7)T (I also tried 12.1(2) without sucess)
>ip wccp version 1
>ip wccp web-cache
>
>int serial1
> ip wccp web-cache redirect out
>
>I know the cisco can see the squid box as a wccp server because if I run:
>debug ip wccp packet I get:
>Sep 15 17:03:32 NCST: WCCP-PKT: Received valid Here_I_Am packet from
>202.0.157.20 w/rcvd_id 00000034
>Sep 15 17:03:32 NCST: WCCP-PKT: Sending I_See_You packet to 202.0.157.20 w/
>rcvd_id 00000035
>
>As soon as I enter the int serial1 command 'ip wccp web-cache redirect out'
>on the cisco router everything dies. Nothing appears in my squid access log.
>No browsing occurs for my LAN users and it seems as though the cisco is
>getting no (or invalid) replies from squid. How can I trace this further?
>
>Is there any way to trace packets from the router to squid through/using
>wccp.o? Obviously some general administrative packets are getting across
>because the router notes when the wccp cache is available/unavailable. How
>can I go on from here?
>
>Any help would be much appreciated and I promise I will post the solution if
>anyone is interested?
>
>Regards
>__________________________________________
>Al Blake, Information Technology Manager
>Secretariat of the Pacific Community.
>BPD5 98848 Noumea Cedex.
>New Caledonia.
>Tel +687 26.01.44 Fax +687 26.38.18
>Email: alb@spc.int
>Web: http://www.spc.int/ <http://www.spc.int/>
>____________________________________________
>Any attached files are in PKZip format.
>Please advise if you have difficulties unzipping them.
>___________________________________________
>
>
>
>
>
>--
>To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Kind regards

Gary Barnden
_______________________________________
Braenet Pty Ltd
Corporate Internet Solutions
A "Cisco Enabled Regional ISP"
1/59-61 Burrows Road
Alexandria NSW 2015
Ph: 1300-368-081 Fax: (02) 9565-1848
Email: g.barnden@braenet.com.au
Enquiries: info@braenet.com.au
Web: http://www.braenet.com.au

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Sep 19 2000 - 23:12:00 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:24 MST