Hello Dear Eliezer:
Thanks , i build squid2.7stable9 at ubuntu
and i prepare to realize wccp at "http_port 3128 transparent"( but this
is interception mode only ) at firep step.
second step is wccp at " http_port 3128 transparent tproxy " ( it will
is transparent mode ) .
although i search more info for realizing wccp interception mode , but i
don't find good way until now .
But thanks for your advisement again.
John
�� 2014��07��11�� 15:08, Eliezer Croitoru �:
> What OS are you using?
> Did you had the chance of looking at:
> http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
>
> Eliezer
>
> On 07/11/2014 07:09 AM, johnzeng wrote:> Hello Dear Everyone:
>>>> i config wccp mode recently , but i found http request don't succeed
>>>> to be sent via gre tunnel at wccp mode .
>>>>
>>>> This is my config , if possible , give me some advisement , Thanks
> again.
>>>>
>>>>
>>>> 19:36:58.728514 IP 192.168.5.66.37225 > 180.149.132.165.http: Flags
>>>> [F.], seq 0, ack 1, win 108, length 0
>>>> 19:37:00.304327 IP 192.168.5.66.41485 >
>>>> rev.opentransfer.com.28.147.130.98.in-addr.arpa.http: Flags [S], seq
>>>> 2204475760, win 5840, options [mss 1460,sackOK,TS val 3757970 ecr
>>>> 0,nop,wscale 6], length 0
>>>> 19:37:00.976403 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags
>>>> [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758139
>>>> ecr 0,nop,wscale 6], length 0
>>>> 19:37:03.597139 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags
>>>> [.], ack 2180972149, win 227, options [nop,nop,TS val 3758794 ecr
>>>> 2556809136], length 0
>>>> 19:37:03.806973 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags
>>>> [.], ack 1, win 227, options [nop,nop,TS val 3758846 ecr
>>>> 2556809198,nop,nop,sack 1 {0:1}], length 0
>>>> 19:37:03.976184 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags
>>>> [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758889
>>>> ecr 0,nop,wscale 6],
>>>>
>>>>
>>>> 19:06:33.356333 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>> 19:06:33.388306 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>> 19:06:33.388565 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>> 19:06:33.604188 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>> 19:06:38.187049 IP 192.168.5.1 > 192.168.2.2: GREv0, length 60:
>>>> gre-proto-0x883e
>>>> 19:06:41.931862 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>> 19:06:42.434829 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>> 19:06:55.047736 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48:
>>>> gre-proto-0x883e
>>>>
>>>>
>>>>
>>>> *Mar 8 12:48:05.300: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2
>>>> w/bad rcv_id 00000000
>>>> *Mar 8 12:48:05.300: WCCP-PKT:S00: Sending I_See_You packet to
>>>> 192.168.2.2 w/ rcv_id 00002378
>>>> *Mar 8 12:48:05.300: IP: tableid=0, s=192.168.2.1 (local),
>>>> d=192.168.2.2 (Ethernet1/0), routed via FIB
>>>> *Mar 8 12:48:05.304: IP: s=192.168.2.1 (local), d=192.168.2.2
>>>> (Ethernet1/0), len 168, sending
>>>> *Mar 8 12:48:05.580: IP: tableid=0, s=192.168.5.1 (local),
>>>> d=192.168.5.66 (FastEthernet0/1), routed via FIB
>>>> *Mar 8 12:48:05.584: IP: tableid=0, s=192.168.5.1 (local),
>>>> d=192.168.5.66 (FastEthernet0/1), routed via FIB
>>>>
>>>> *Mar 8 12:48:15.119: IP: tableid=0, s=192.168.2.2 (Ethernet1/0),
>>>> d=192.168.2.1 (Ethernet1/0), routed via RIB
>>>> *Mar 8 12:48:15.119: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.2.1
>>>> (Ethernet1/0), len 172, rcvd 3
>>>> *Mar 8 12:48:15.123: WCCP-PKT:S00: Received valid Here_I_Am packet
>>> >from 192.168.2.2 w/rcv_id 00002378
>>>> *Mar 8 12:48:15.123: WCCP-PKT:S00: Sending I_See_You packet to
>>>> 192.168.2.2 w/ rcv_id 00002379
>>>> *Mar 8 12:48:15.123: IP: tableid=0, s=192.168.2.1 (local),
>>>> d=192.168.2.2 (Ethernet1/0), routed via FIB
>>>> *Mar 8 12:48:15.123: IP: s=192.168.2.1 (local), d=192.168.2.2
>>>> (Ethernet1/0), len 168, sending
>>>> *Mar 8 12:48:15.299: IP: tableid=0, s=192.168.2.2 (Ethernet1/0),
>>>> d=192.168.5.1 (FastEthernet0/1), routed via RIB
>>>> *Mar 8 12:48:15.299: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.5.1,
>>>> len 172, rcvd 4
>>>> *Mar 8 12:48:15.299: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2
>>>> w/bad rcv_id 00000000
>>>> *Mar 8 12:48:15.299: WCCP-PKT:S00: Sending I_See_You packet to
>>>> 192.168.2.2 w/ rcv_id 0000237A
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ********************************************************************
>>>> squid config
>>>> ********************************************************************
>>>>
>>>> wccp2_router 192.168.2.2
>>>>
>>>> wccp2_address 192.168.0.1 #interface ip address
>>>>
>>>> wccp_version 4
>>>>
>>>> wccp2_forwarding_method 1 # Gre for 1 L2rewriting for 2
>>>>
>>>> wccp2_return_method 1 # Gre for 1 L2rewriting for 2
>>>>
>>>> wccp2_assignment_method 1 Gre for 1 L2rewriting for 2
>>>>
>>>> wccp2_weight 5
>>>>
>>>> *********************************************************************
>>>> other environment ( ip tunnel & iptables ....)
>>>> *********************************************************************
>>>>
>>>> first step
>>>>
>>>> modprobe ip_gre
>>>>
>>>> ip tunnel add wccp0 mode gre remote 192.168.5.1 local 192.168.2.2
> dev eth1
>>>>
>>>> second step
>>>>
>>>> ip addr add 10.1.1.2/24 dev wccp0
>>>> ip route add 10.1.1.0/24 dev wccp0
>>>> ip link set wccp0 up
>>>>
>>>> Or
>>>>
>>>> ifconfig wccp0 10.1.1.2 netmask 255.255.255.0 up
>>>> route add -net 10.1.1.0 netmask 255.255.255.0 dev wccp0
>>>>
>>>>
>>>> third step
>>>>
>>>> echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
>>>> echo 0 >/proc/sys/net/ipv4/conf/eth1/rp_filter
>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>
>>>> fouth step
>>>>
>>>> iptables -P INPUT ACCEPT
>>>> iptables -P OUTPUT ACCEPT
>>>> iptables -P FORWARD ACCEPT
>>>> iptables -A INPUT -i lo -j ACCEPT
>>>> iptables -A OUTPUT -o lo -j ACCEPT
>>>> iptables -A INPUT -i wccp0 -m state --state ESTABLISHED,RELATED -j
> ACCEPT
>>>> iptables -A FORWARD -i wccp0 -j ACCEPT
>>>> iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j
>>>> REDIRECT --to-ports 3128
>>>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.2.2
>>>>
>
Received on Fri Jul 11 2014 - 14:10:23 MDT
This archive was generated by hypermail 2.2.0 : Sat Jul 12 2014 - 12:00:05 MDT