RE: [squid-users] WCCP, 2.4s3, FreeBSD 4.4s, ios 12.2(6a)

From: Cameron Worrell <[email protected]>
Date: Sun, 27 Jan 2002 08:01:54 -0500

"sysctl -a" reports "net.inet.ip.forwarding=1", gateway enable is "yes". My
BSD box is on a separate sement than the clients hanging off the router. It
is running ipfw. Another note is that the BSD box is dual homed with one
interface in the client segment and one in the web-cach segment. The default
route points to the router interface on the web-cache segment. Based on
Cisco doc it looked like it is prefered to have the cache on a separate
segment than the clients. I did test redirection on BSD by pointing my
clients gateway to the BSD box, instead of the router. That works fine. Is
there a way to validate GRE is functioning as it should? Someone mentioned
creating a GRE interface but isn't that only for Lnux? Here is some more
info...

fwrules -
$fwcmd add 50 fwd 127.0.0.1,3128 tcp from any to any 80 in recv ed0
$fwcmd add 50 fwd 127.0.0.1,3128 tcp from any to any 80 in recv fxp0
$fwcmd add allow all from any to any
$fwcmd add 65435 deny log ip from any to any

Router conf (truncated)-

#sh run
Building configuration...

Current configuration : 1518 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
!
ip subnet-zero
ip wccp version 1
ip wccp web-cache redirect-list 2
!
!
!
ip cef
!
call rsvp-sync
!
interface Ethernet0/0
 ip address x.x.x.x 255.255.255.252
 ip nat outside
 ip wccp web-cache redirect out
 full-duplex
!
interface Ethernet0/1
 ip address 192.168.200.2 255.255.255.0
 ip nat inside
 full-duplex
!
interface Ethernet0/1.1
 encapsulation dot1Q 10
 ip address 192.168.201.1 255.255.255.128
 ip nat inside
!
ip default-gateway x.x.x.x
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
ip pim bidir-enable
!
access-list 1 permit 192.168.200.0 0.0.0.255
access-list 1 permit 192.168.201.0 0.0.0.127
access-list 2 permit 192.168.200.128 0.0.0.127

Squid.conf -

ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow all
miss_access allow all
wccp_router 192.168.201.1
http_port 3128
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_dir ufs /export/webcache 500 16 256
cache_effective_user nobody
cache_effective_group nobody
httpd_accel_host virtual
httpd_accel_port 80

Squid Startup -

Jan 26 21:50:41 squid[710]: Squid Parent: child process 712 started
Jan 26 21:50:41 squid[712]: Starting Squid Cache version 2.4.STABLE3 for
i386-unknown-freebsd4.4...
Jan 26 21:50:41 squid[712]: Process ID 712
Jan 26 21:50:41 squid[712]: With 1064 file descriptors available
Jan 26 21:50:41 squid[712]: Performing DNS Tests...
Jan 26 21:50:41 squid[712]: Successful DNS name lookup tests...
Jan 26 21:50:41 squid[712]: DNS Socket created on FD 5
Jan 26 21:50:41 squid[712]: Adding nameserver 127.0.0.1 from
/etc/resolv.conf
Jan 26 21:50:41 squid[712]: Adding nameserver 216.227.96.36 from
/etc/resolv.conf
Jan 26 21:50:41 squid[712]: Unlinkd pipe opened on FD 10
Jan 26 21:50:41 squid[712]: Swap maxSize 512000 KB, estimated 39384 objects
Jan 26 21:50:41 squid[712]: Target number of buckets: 1969
Jan 26 21:50:41 squid[712]: Using 8192 Store buckets
Jan 26 21:50:41 squid[712]: Max Mem size: 8192 KB
Jan 26 21:50:41 squid[712]: Max Swap size: 512000 KB
Jan 26 21:50:41 squid[712]: Rebuilding storage in /export/webcache (CLEAN)
Jan 26 21:50:41 squid[712]: Using Least Load store dir selection
Jan 26 21:50:41 squid[712]: Set Current Directory to /export/webcache
Jan 26 21:50:41 squid[712]: Loaded Icons.
Jan 26 21:50:41 squid[712]: Accepting HTTP connections at 0.0.0.0, port
3128, FD 12.
Jan 26 21:50:41 squid[712]: Accepting ICP messages at 0.0.0.0, port 3130,
FD 13.
Jan 26 21:50:41 squid[712]: Accepting WCCP messages on port 2048, FD 14.
Jan 26 21:50:41 squid[712]: Ready to serve requests.
Jan 26 21:50:42 squid[712]: Store rebuilding is 7.8% complete
Jan 26 21:50:43 squid[712]: Done reading /export/webcache swaplog (52286
entries)
Jan 26 21:50:43 squid[712]: Finished rebuilding storage from disk.
Jan 26 21:50:43 squid[712]: 52286 Entries scanned
Jan 26 21:50:43 squid[712]: 0 Invalid entries.
Jan 26 21:50:43 squid[712]: 0 With invalid flags.
Jan 26 21:50:43 squid[712]: 52286 Objects loaded.
Jan 26 21:50:43 squid[712]: 0 Objects expired.
Jan 26 21:50:43 squid[712]: 0 Objects cancelled.
Jan 26 21:50:43 squid[712]: 0 Duplicate URLs purged.
Jan 26 21:50:43 squid[712]: 0 Swapfile clashes avoided.
Jan 26 21:50:43 squid[712]: Took 2.5 seconds (20997.7 objects/sec).
Jan 26 21:50:43 squid[712]: Beginning Validation Procedure
Jan 26 21:50:43 squid[712]: Completed Validation Procedure
Jan 26 21:50:43 squid[712]: Validated 52286 Entries
Jan 26 21:50:43 squid[712]: store_swap_size = 446159k
Jan 26 21:50:44 squid[712]: storeLateRelease: released 0 objects

-----Original Message-----
From: Adrian Chadd [mailto:adrian@squid-cache.org]
Sent: Sunday, January 27, 2002 3:03 AM
To: cameron worrell
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] WCCP, 2.4s3, FreeBSD 4.4s, ios 12.2(6a)

On Sat, Jan 26, 2002, cameron worrell wrote:
> After following the instructions in the FAQ I am getting "Page cannot be
dislayed" in browser. I applied the GRE patch, enable port redirect in IPFW
etc.. Everything appears to be ok except it doesn't work :( Below are
snippets of info. I can forward more as needed. Any help would be great. Thx
>

Have you turned on IP forwarding? If you don't turn it on,
the packets don't make it to the squid.

sysctl -w net.inet.ip.forwarding=1

then, in your /etc/rc.conf, add gateway_enable="YES"

Let me know if this makes it work. I have squid+wccpv1 working here
on my FreeBSD 4.4 development box.

Adrian
Received on Sun Jan 27 2002 - 05:57:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:57 MST