[squid-users] Re: Re: WCCP + squid 2.5-STABLE7 + linux 2.6.10

From: Jesse Guardiani <[email protected]>
Date: Wed, 23 Feb 2005 16:32:22 -0500

Henrik Nordstrom wrote:

> On Wed, 23 Feb 2005, Jesse Guardiani wrote:
>
>> OK. It's blocking the traffic now. I try to access a page on the
>> client and the browser just spins. I'm not seeing any new entries
>> in my squid access log, but the counters in iptables are incrementing
>> as shown above.
>>
>> My guess is that since the squid box is on the same subnet as the
>> client box, the cisco is looping port 80 traffic from the squid
>> back to the squid. Does that sound possible? Again, I'm not seeing
>> anything in access.log though. What do you think?
>
> tcpdump is your friend in diagnosing problems on this level.

OK. This is my first time using tcpdump. I think I've narrowed it down
to the interesting part. "shannon" is the box I'm SSH'ing into the squid
server, 192.168.10.2, from. 192.168.1.193 is a machine on the
network that "rhea" happens to be talking to because I run distcc and I'm
compiling things as I test. I didn't think the syslog, domain, or distcc
(3632) ports look interesting. That said, here's my tcpdump command:

tcpdump 'not ( host shannon and port 22 ) and not host 192.168.1.193 and not port syslog and not port domain and not snmp and not port 3632'

And here's the only thing I could find that looked relevant:

04:22:30.959889 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:30.961323 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
04:22:32.791481 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:35.790420 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:40.954870 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:40.956378 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
04:22:41.790316 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:51.932636 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:51.934544 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140

192.168.10.1 is my Cisco router's LAN address.
Does the above mean anything to anyone?
Thanks!

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net
Received on Wed Feb 23 2005 - 14:32:45 MST
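
An added example, not part of the original post: a small Python classifier for tcpdump text lines like the ones quoted above. It assumes UDP port 2048 in both directions is WCCP control traffic and that GRE protocol type 0x883e carries WCCP-redirected packets; the function names are hypothetical and the addresses are the router and cache from the post.

```python
import re
from collections import Counter

# Capture lines copied from the post above (router 192.168.10.1, cache 192.168.10.2).
CAPTURE = """\
04:22:30.959889 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:30.961323 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
04:22:32.791481 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:35.790420 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:40.954870 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:40.956378 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
04:22:41.790316 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:51.932636 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:51.934544 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
"""

WCCP_PORT = "2048"   # assumption stated in the lead-in: WCCP control uses UDP 2048
WCCP_GRE = "0x883e"  # assumption stated in the lead-in: GRE type for WCCP redirects
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (.*)$")

def split_port(endpoint):
    """Split tcpdump's 'a.b.c.d.port' form into (ip, port); port is None if absent."""
    parts = endpoint.split(".")
    return (".".join(parts[:4]), parts[4]) if len(parts) == 5 else (endpoint, None)

def classify(line, router, cache):
    """Label one tcpdump line relative to the given router and cache addresses."""
    m = LINE.match(line.strip())
    if not m:
        return "unparsed"
    _, src, dst, rest = m.groups()
    (sip, sport), (dip, dport) = split_port(src), split_port(dst)
    if rest.startswith("UDP") and sport == dport == WCCP_PORT:
        if (sip, dip) == (cache, router):
            return "wccp-control cache->router"
        if (sip, dip) == (router, cache):
            return "wccp-control router->cache"
    if rest == f"gre-proto-{WCCP_GRE}" and (sip, dip) == (router, cache):
        return "wccp-gre redirect router->cache"
    return "other"

def summarize(text, router="192.168.10.1", cache="192.168.10.2"):
    """Count each traffic class in a block of tcpdump output."""
    return Counter(classify(l, router, cache) for l in text.splitlines() if l.strip())

if __name__ == "__main__":
    for kind, n in summarize(CAPTURE).items():
        print(f"{n:2d}  {kind}")
```

On the quoted capture each class counts three packets: control messages flow in both directions and GRE-encapsulated redirects reach the cache. What happens to those packets after they arrive is not visible in this capture.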
