Nicholas
ports are open now, however I'm still not seeing traffic on the tunnel
(tcpdump -i gre0). Also I'm not certain if the ip_gre module is enough. I'm
seeing many configurations using ip_wccp, but I do not have that one on my
centos
What is the proper way to verify that tunnel is working properly? I tried to
create 2 VMs, and setup a GRE tunnel between them, and it worked.
--
From: "Ritter, Nicholas"
Sent: Tuesday, January 06, 2009 11:25 PM
To: "Roland Roland"
Cc:
Subject: RE: [squid-users] transparent proxy not working!! any advice?
Ok...so the squid server and the router are seeing eachother
initiallythen it fails. On the squid box you need to make sure the
firewall is allowing UDP port 2048 from the the router and that the GRE
tunnel is functioning properly, and is setup in iptables properly.
The other issue is that may be needed is that access-list (access-list
180, from my last email) should have the ip of the squid box in it as a
deny entry. The reason for this is that you want to avoid traffic being
'looped' from the router to the squid box.
You can setup WCCP where you are using no service groups and just the
web-cache and web-cache redirect, etc. The two things that can break doing
that are: multiple squid servers in a WCCP setup, and support for
apps/ports other than port 80.
Nick
From: Roland Roland [mailto:r_o_l_a_...@hotmail.com]
Sent: Tue 1/6/2009 1:48 PM
To: Ritter, Nicholas; sq...@vdvyver.net
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] transparent proxy not working!! any advice?
Hello,
after adding the ACL below.
I've got the following result.
if im not mistaken, it has something to due with the "dynamic" issue?
should
I set it as standard 0
or ?!
*Jan 6 20:21:39.294: WCCP-PKT:D90: Sending I_See_You packet to
192.168.0.183 w/ rcv_id 0019
*Jan 6 20:21:39.298: WCCP-PKT:D80: Sending I_See_You packet to
192.168.0.183 w/ rcv_id 0019
*Jan 6 20:21:57.290: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183
w/bad rcv_id
*Jan 6 20:21:57.290: WCCP-PKT:D90: Sending I_See_You packet to
192.168.0.183 w/ rcv_id 001A
*Jan 6 20:21:57.290: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183
w/bad rcv_id
*Jan 6 20:21:57.290: WCCP-PKT:D80: Sending I_See_You packet to
192.168.0.183 w/ rcv_id 001A
*Jan 6 20:22:04.294: WCCP-PKT:D90: Sending Removal_Query packet to
192.168.0.183w/ rcv_id 001B
*Jan 6 20:22:04.298: WCCP-PKT:D80: Sending Removal_Query packet to
192.168.0.183w/ rcv_id 001B
*Jan 6 20:22:09.294: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
192.168.0.183
*Jan 6 20:22:09.298: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
192.168.0.183
*Jan 6 20:22:15.298: WCCP-PKT:D90: Sending I_See_You packet to
192.168.0.183 w/ rcv_id 001C
*Jan 6 20:22:15.298: WCCP-PKT:D80: Sending I_See_You packet to
192.168.0.183 w/ rcv_id 001C
--
From: "Roland Roland"
Sent: Monday, January 05, 2009 9:50 PM
To: "Ritter, Nicholas" ;
Cc:
Subject: Re: [squid-users] transparent proxy not working!! any advice?
Hello,
thanks for the advice ill proceed and add the new ACL.
in the meantime, to answer your question
yes Squid is on the same interface as all the other clients. what sort of
entries should I add to tht access list?
PS: my IOS is Version 12.4(17b), RELEASE SOFTWARE (fc2) Cisco 2811
(revision 53.51)
--
From: "Ritter, Nicholas"
Sent: Monday, January 05, 2009 9:23 PM
To: ;
Cc:
Subject: RE: [squid-users] transparent proxy not working!! any advice?
The error on the Cisco router is stating that the squid box is trying to
tell the router that it is able to service the wccp group 80 and 90, but
for some reason the router does not see those groups as ones it is
servicing.
This is odd. Try doing the following in the router:
ip access-list 180 permit any any
ip wccp web-cache redirect-list 180
ip wccp 80 redirect-list 180
ip wccp 90 redirect-list 180
Is the squid box on the same router interface as the rest of the
clients?
If it is, you may need to add lines to the access-list 180, or put the
squid box on the secondary interface of the router and do a "ip wccp
redirect exclude in" statement on that interface.
Which IOS feature set and version is this?
WCCP is buggy in some IOS releases.
From: r_o_l_a_...@hotmail.com [mailto:r_o_l_a_...@hotmail.com]
Sent: Mon 1/5/2009 8:43 AM
To: sq...@vdvyver.net
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] transparent proxy not working!! any advice?
Hello,
actually I have both of set on the lan interface ( am I mistaken to set
the
"redirect out" on the lan interface? should I be setting it on the
interface
facing the internet?)
ip wccp 80 redirect in
ip wccp 90 redirect out
as for the wiki provided, I fail to see what's mi