[squid-users] wccp and squid not working

From: Scott Pepple <[email protected]>
Date: Tue, 23 Apr 2002 15:23:12 -0600 (MDT)

hello all,

i'm trying to test out a squid/wccp configuration with a cisco 2600 (two
ethernet interfaces) using wccp

i've got a local network, 10.0.1.0 which is being nat'd to the outside
world as 192.168.1.127 (ip addresses may be changed to protect the
innocent)

i enable wccp on the outside facing interface (192.168.1.127) with ip wccp
web-cache redirect out

on the inside network i've got a squid cache on a freebsd box (4.4) with
the box doing the right ipfw stuff (and forwarding enabled in the kernel)

> sudo ipfw show
00100 3246 189064 allow tcp from 10.0.1.24 to any out
00200 0 0 allow tcp from any 80 to any out
00300 1926 92448 fwd 127.0.0.1,8080 tcp from any to any 80 in
00400 288 249041 allow tcp from any 80 to 10.0.1.24 in
00500 7159 564094 allow ip from any to any
65535 14 5584 deny ip from any to any

(the deny shows matches in there just because i didn't clear the
counters)

i've got the squid.conf settings straight from the faq -

wccp_router 10.0.1.254
wccp_version 4
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

a browser on a box on the inside network just spins and then dies

tcpdump output freaks me out, it show's the router (10.0.1.254) routing
what i assume are http requests over gre to the squid-box (10.0.1.20)...i
don't get why there's no traffic out from the squid box except to
eventually say icmp: time exceeded to the originating requestor.

*********************
5:58:16.570492 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.570516 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.571442 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.571466 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.572453 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.572476 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.573402 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.573426 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.574413 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.574436 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.575362 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.575385 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.576372 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.576396 10.0.1.20.1812 > 128.167.120.6.http: S
226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
15:58:16.577323 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
encap)15:58:16.577367
********
this goes on for a long time
********
massive.truenorth.com > 10.0.1.20: icmp: time exceeded in-transit (DF)

********************

i configured squid with --enable-wccp and --enable-ipf-transparent

and i'm just wondering if i can do this with just two interfaces on the
router, it seems to me that there's a loop somewhere

thanks
scott
Received on Tue Apr 23 2002 - 15:23:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:39 MST