Re: [squid-users] FreeBSD 5.1, Cisco 837 & WCCP Redirects

From: Roman Synyuk <[email protected]>
Date: Sun, 25 Jan 2004 23:46:34 +0200 (EET)

Hello.

You need to configure forwarding of incoming packets from the GRE interface
to the squid process:

  # ipfw add fwd 127.0.0.1,3128 ip from any to any via gre0 in
  # ipfw add permit ip from any to any

> Hello!
>
> I'm trying to set up a transparent proxy, but I'm running into some
> difficulty. Here is my setup:
>
> * Cisco 837 running Cisco IOS 12.3
> * FreeBSD 5.1
> * squid-2.5.4_6 with WCCP compiled in
> * (also running apache-2.0.48_1, running on port 80)
>
> I have so far taken the following steps:
>
> In squid.conf:
> --------------
>
> ## WCCP Redirection (Transparent Proxy)
> ## ------------------------------------
> httpd_accel_host virtual
> httpd_accel_port 3128
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> wccp_router 10.0.0.254
> wccp_version 3
>
> On the Cisco 837:
> -----------------
>
> ip wccp version 1
> ip wccp web-cache redirect-list 2
> !
> interface BVI1
> description --- Bridging Interface ---
> ip address 150.101.x.x 255.255.255.248
> ip wccp web-cache redirect in
> ip nat outside
> end
> !
> access-list 2 permit 10.0.0.0 0.0.0.255
>
> On FreeBSD 5.1:
> ---------------
>
> <compiled 'device gre' into kernel>
>
> configured device with:
>
> # ifconfig gre0 create
> # ifconfig gre0 10.0.0.3 10.0.0.254 netmask 255.255.255.255 up
> # ifconfig gre0 tunnel 10.0.0.3 10.0.0.254
> # route delete 10.0.0.254
>
> ifconfig:
>
> gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
> tunnel inet 10.0.0.3 --> 10.0.0.254
> inet6 fe80::240:5ff:fe03:3fb1%gre0 prefixlen 64 scopeid 0x5
> inet 10.0.0.3 --> 255.255.255.0 netmask 0xff000000
>
> Once all this is done and Squid starts I get the following messages on my
> 837:
>
> router#deb ip wccp event
> router#deb ip wccp packet
> *Mar 1 19:57:04.715: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C2
> *Mar 1 19:57:14.739: WCCP-EVNT: Built I_See_You msg body w/1 usable web caches, change # 0000000B
> *Mar 1 19:57:14.739: %WCCP-5-CACHEFOUND: Web Cache 10.0.0.3 acquired
> *Mar 1 19:57:14.739: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C2
> *Mar 1 19:57:14.739: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C3
> *Mar 1 19:57:25.759: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C3
> *Mar 1 19:57:25.759: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C4
>
> So they're talking WCCP, however users can still browse the web and it
> seems to me as though the router isn't forwarding the traffic:
>
> router#sh ip wccp web-cache detail
> WCCP Cache-Engine information:
> Web Cache ID: 0.0.0.0
> Protocol Version: 0.3
> State: Usable
> Initial Hash Info: 00000000000000000000000000000000
> 00000000000000000000000000000000
> Assigned Hash Info: 00000000000000000000000000000000
> 00000000000000000000000000000000
> Hash Allotment: 0 (0.00%)
> Packets Redirected: 0
> Connect Time: 00:03:35
>
> I am not sure if interface BVI1 is supposed to be redirect in or redirect
> out, but so far having either has shown the same results.
>
> Squid logs are not showing anything.
>
> Is my understanding correct if I say that my 837 intercepts traffic on port
> 80 and then, using the GRE tunnel, redirects it to my FreeBSD box still on
> port 80, where squid handles it like a normal request? If this is the
> case, am I supposed to set up some kind of firewall rule that captures
> traffic in port 80 and remaps it to port 3128? If I do this, how can I
> have apache and squid running together?
>
> This is sort of what I have worked out after reading the setup steps for
> all sorts of linux/freebsd configurations, but I'm not so sure it's what I
> need to do. To test this I changed the listening port of squid to 80, and
> still saw no entries in my access.log, leading me to believe that the
> wccp-redirect just ain't workin'.
>
> Can anyone shed any light?
>
>
> Cheers,
>
> --
> Adam Smith : adam@internode.com.au
> Internode : http://www.internode.on.net
> Phone : (08) 8228 2999
>
Received on Sun Jan 25 2004 - 14:46:51 MST
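
Added example (not part of the original thread, and not Squid or FreeBSD code): a sketch of what arrives on gre0 once the router redirects, showing that the inner packet keeps the client's original destination address and port 80, which is why the fwd rule in the reply is needed to hand it to Squid on 127.0.0.1:3128. It assumes WCCPv1 framing (GRE protocol type 0x883E, no extra redirect header); the client 10.0.0.50 and origin 192.0.2.10 are hypothetical, and the packet is constructed sample data.

```python
import socket
import struct

GRE_PROTO_WCCP = 0x883E   # GRE protocol type carried by WCCP-redirected packets
LOCAL_ADDRS = {"10.0.0.3", "127.0.0.1"}   # cache box addresses (10.0.0.3 is from the post)

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left 0; this is constructed sample data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample_redirected_packet():
    """Constructed: router 10.0.0.254 -> cache 10.0.0.3, GRE, client SYN to port 80."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    inner = ipv4("10.0.0.50", "192.0.2.10", 6, tcp)   # hypothetical client and origin
    gre = struct.pack("!HH", 0, GRE_PROTO_WCCP)
    return ipv4("10.0.0.254", "10.0.0.3", 47, gre + inner)

def decapsulate(pkt):
    """Return what the cache sees after the outer IP and GRE headers are removed."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 47:
        raise ValueError("outer packet is not GRE (IP protocol 47)")
    flags, proto = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if proto != GRE_PROTO_WCCP:
        raise ValueError("GRE protocol type 0x%04x is not WCCP" % proto)
    if flags & 0x4000:
        raise ValueError("GRE source routing is not handled")
    # Optional GRE fields: checksum+offset (C), key (K), sequence (S), 4 bytes each.
    gre_len = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    inner = pkt[ihl + gre_len:]
    inner_ihl = (inner[0] & 0x0F) * 4
    info = {"outer_dst": socket.inet_ntoa(pkt[16:20]),
            "inner_src": socket.inet_ntoa(inner[12:16]),
            "inner_dst": socket.inet_ntoa(inner[16:20]),
            "inner_proto": inner[9], "dst_port": None}
    if inner[9] == 6:   # TCP: destination port is bytes 2-3 of the TCP header
        info["dst_port"] = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return info

def needs_fwd_rule(info, local_addrs=LOCAL_ADDRS):
    """True when the inner packet is addressed elsewhere, so no local socket accepts it."""
    return info["inner_dst"] not in local_addrs

if __name__ == "__main__":
    seen = decapsulate(sample_redirected_packet())
    print(seen, "needs fwd rule:", needs_fwd_rule(seen))
```

Because the fwd rule matches only packets arriving via gre0, requests addressed directly to the box's own port 80 never hit it.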
