Re: [squid-users] squid and wccp

From: Wennie V. Lagmay <[email protected]>
Date: Mon, 28 Apr 2008 15:03:55 +0300 (AST)

A. squid -v

Squid Cache: Version 2.6.STABLE19
configure options: '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/spool/squid' '--sysconfdir=/etc/squid' '--enable-snmp' '--enable-kill-parent-hack' '--enable-delay-pools' '--enable-storeio=aufs,diskd,null' '--enable-removal-policies=heap,lru' '--enable-arp-acl' '--enable-large-files' '--enable-ssl' '--enable-linux-netfilter' '--with-maxfd=16384'

B. ip wccp version 2
ip wccp web-cache
!
interface fastethernet 1/0
description internet connection
ip address 192.168.255.6 255.255.255.252
!
interface fastethernet 3/0
description LAN
ip address xx.xx.184.177
ip wccp web-cache redirect out
!
ip route 0.0.0.0 0.0.0.0 192.158.255.5

C. root@cproxy ~]# tcpdump -i wccp0
tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wccp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

:note that 778 is my ssh port, also there is no log being shown in the access.log

tcpdump
IP 192.168.255.6 > xx.xx.184.178: GREv0, length 56: gre-proto-0x883e
STP 802.1d, Config, Flags [none], bridge-id xxxxxxxxxx, length 43

D. ifconfig

wccp0 Link encap:UNSPEC HWaddr 4F-62-B8-B2-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:xx.xx.184.178 P-t-P:xx.xx.184.178 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

:note packets received and send

----- Original Message -----
From: "Manoj_Rajkarnikar" <manoj@vianet.com.np>
To: "Wennie V. Lagmay" <wlagmay@yanbulink.net>
Cc: "squid-users" <squid-users@squid-cache.org>
Sent: Monday, April 28, 2008 2:22:34 PM (GMT+0300) Asia/Kuwait
Subject: Re: [squid-users] squid and wccp

On Mon, 28 Apr 2008, Wennie V. Lagmay wrote:

> I am trying to configure squid wccp and cisco router but with no luck.
> This is what I have done. Please check my procedure and confoguration:
>
> for squid version 2.6Stable19 running on Fedora Core 8 64 bit with ip address xx.xx.184.178
> 1. I configure squid with options enable-linux-netfilter

please provide output of "squid -v"

>
> 2. in squid.conf
> http_port 8080 transparent
> wccp2_router xx.xx.184.177
> wccp2_version 4
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_service standard 0
> wccp2_address 0.0.0.0
>
> 3. modprobe ip_gre
> ip tunnel add wccp0 mode gre remote xx.xx.184.177 local xx.xx.184.178 dev eth1
> ip addr add xx.xx.184.178/32 dev wccp0
> ip link set wccp0 up
>
> 4.echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
>
> 5.iptables -t nat -A PREROUTING -p tcp -i wccp0 -j REDIRECT --to-ports 8080
>
> 6. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
>
> On Cisco router7206 npe300 with 12.2(31)
>
> ip wccp version 2
> ip wccp web-cache
> !
> interface fastethernet 1/0
> description LAN
> ip address 192.168.255.6 255.255.255.252
> !
> interface fastethernet 3/0
> description internet connection
> ip address xx.xx.184.177
> ip wccp web-cache redirect out
> !
> ip route 0.0.0.0 0.0.0.0 192.158.255.5
>

which interface connects to internet. default route indicates fa1/0 to be
connected to internet. if it is fa1/0 the "ip wccp web-cache redirect out"
command should be in fa1/0.

>
> Logs:
>
> with linux cache.log I can see messages as:
>
> wccp2HereIam: Sending to device id 0
> Sending HereIam packet size 144
> Incoming WCCPv2 I_SEE_YOU lenth 132
> Complete packet receive
>
> In Cisco router:
>
> sho ip wccp web-cache
>
> Global WCCP information:
> Router information:
> Router Identifier: 192.168.255.6
> Protocol Version: 2.0
>
> Service Identifier: web-cache
> Number of Cache Engines: 1
> Number of routers: 1
> Total Packets Redirected: 201
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
>
> sho ip wccp web-cache detail
> Web Cache ID: xx.xx.184.178
> Protocol Version: 2.0
> State: Usable
> Initial Hash Info: 00000000000000000000000000000000
> 00000000000000000000000000000000
> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> Hash Allotment: 256 (100.00%)
> Packets Redirected: 201
> Connect Time: 01:14:03
>

what about tcpdump on wccp0 interface.. does show any traffic being
redirected. does access.log show the connections??

>
> It seems everything is working fine but configuring client browser without any proxy it is not browsing. note that if I manually define the Ip address of the transparent proxy I can browse the web.
>
> Can anybody help me on my problem?
>
> thank you very much,
> Wennie
>
>
>
> ----- Original Message -----
> From: "Adrian Chadd" <adrian@creative.net.au>
> To: "Wennie V. Lagmay" <wlagmay@yanbulink.net>
> Cc: "Adrian Chadd" <adrian@creative.net.au>, "squid-users" <squid-users@squid-cache.org>
> Sent: Saturday, April 26, 2008 8:31:43 PM (GMT+0300) Asia/Kuwait
> Subject: Re: [squid-users] squid and wccp
>
> On Sat, Apr 26, 2008, Wennie V. Lagmay wrote:
>> I have a question, do I need to enable ip_gre, ip_wccp on my system? using kernel 2.6.24, i enable the ip_gre does it mean it aoutmatically enables the ip_wccp?
>
> Just ip_gre. the GRE code shipped in linux these days includes WCCPv2 packet
> decoding.
>
>
>
> HTH,
>
>
> Adrian
>
>>
>> thanks
>>
>>
>> ----- Original Message -----
>> From: "Adrian Chadd" <adrian@creative.net.au>
>> To: "Wennie V. Lagmay" <wlagmay@yanbulink.net>
>> Cc: "squid-users" <squid-users@squid-cache.org>
>> Sent: Saturday, April 26, 2008 12:38:07 PM (GMT+0300) Asia/Kuwait
>> Subject: Re: [squid-users] squid and wccp
>>
>> http://wiki.squid-cache.org/ConfigExamples/
>>
>>
>>
>> Adrian
>>
>> On Sat, Apr 26, 2008, Wennie V. Lagmay wrote:
>>> Hi all,
>>> Can anybody give me a step by step configuration to enable WCCP in both router and squid2.6.stable19.
>>>
>>> Here are the details:
>>>
>>> router = cisco7206VXR
>>> IOS ver = 12.3 (8) T, RELEASE SOFTWARE (fc2)
>>> FE0/0 = xx.xx.184.17/28
>>>
>>> squid:
>>>
>>> OS = FC8 64bit with kernel version 2.6.24.4-64.fc8 #1 SMP
>>> squid version = squid-2.6Stable19
>>> eth1 = xx.xx.184.22/28
>>>
>>> I am trying to follow the configuration in squid FAQ but it is very hard for me because this my first time to do thus kind of setup. I would highly appreciate if you can provide me a step by step configuration for cisco router and squid box to enable WCCP version 2
>>>
>>> Thank you and best regards,
>>>
>>> wennie
>>
>> --
>> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
>> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
>
>

-- 
Received on Mon Apr 28 2008 - 11:54:08 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT