Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp
On 12/07/2014 2:10 a.m., johnzeng wrote: > > Hello Dear Eliezer: > > Thanks , i build squid2.7stable9 at ubuntu > > and i prepare to realize wccp at "http_port 3128 transparent"( but this > is interception mode only ) at firep step. > > second step is wccp at " http_port 3128 transparent tproxy " ( it will > is transparent mode ) . Squid 2.7 does not support TPROXYv4 which is what modern kernels provide. To use TPROXY in Squid-2 you require to also custom build a kernel 2.6.18 or older with the TPROXYv2 kernel patches, and the ctproxy tools. Amos
Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp
Hello Dear Eliezer: Thanks , i build squid2.7stable9 at ubuntu and i prepare to realize wccp at "http_port 3128 transparent"( but this is interception mode only ) at firep step. second step is wccp at " http_port 3128 transparent tproxy " ( it will is transparent mode ) . although i search more info for realizing wccp interception mode , but i don't find good way until now . But thanks for your advisement again. John 于 2014年07月11日 15:08, Eliezer Croitoru 写道: > What OS are you using? > Did you had the chance of looking at: > http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2 > > Eliezer > > On 07/11/2014 07:09 AM, johnzeng wrote:> Hello Dear Everyone: i config wccp mode recently , but i found http request don't succeed to be sent via gre tunnel at wccp mode . This is my config , if possible , give me some advisement , Thanks > again. 19:36:58.728514 IP 192.168.5.66.37225 > 180.149.132.165.http: Flags [F.], seq 0, ack 1, win 108, length 0 19:37:00.304327 IP 192.168.5.66.41485 > rev.opentransfer.com.28.147.130.98.in-addr.arpa.http: Flags [S], seq 2204475760, win 5840, options [mss 1460,sackOK,TS val 3757970 ecr 0,nop,wscale 6], length 0 19:37:00.976403 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758139 ecr 0,nop,wscale 6], length 0 19:37:03.597139 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags [.], ack 2180972149, win 227, options [nop,nop,TS val 3758794 ecr 2556809136], length 0 19:37:03.806973 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags [.], ack 1, win 227, options [nop,nop,TS val 3758846 ecr 2556809198,nop,nop,sack 1 {0:1}], length 0 19:37:03.976184 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758889 ecr 0,nop,wscale 6], 19:06:33.356333 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e 19:06:33.388306 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e 19:06:33.388565 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e 19:06:33.604188 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e 19:06:38.187049 IP 192.168.5.1 > 192.168.2.2: GREv0, length 60: gre-proto-0x883e 19:06:41.931862 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e 19:06:42.434829 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e 19:06:55.047736 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: gre-proto-0x883e *Mar 8 12:48:05.300: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2 w/bad rcv_id *Mar 8 12:48:05.300: WCCP-PKT:S00: Sending I_See_You packet to 192.168.2.2 w/ rcv_id 2378 *Mar 8 12:48:05.300: IP: tableid=0, s=192.168.2.1 (local), d=192.168.2.2 (Ethernet1/0), routed via FIB *Mar 8 12:48:05.304: IP: s=192.168.2.1 (local), d=192.168.2.2 (Ethernet1/0), len 168, sending *Mar 8 12:48:05.580: IP: tableid=0, s=192.168.5.1 (local), d=192.168.5.66 (FastEthernet0/1), routed via FIB *Mar 8 12:48:05.584: IP: tableid=0, s=192.168.5.1 (local), d=192.168.5.66 (FastEthernet0/1), routed via FIB *Mar 8 12:48:15.119: IP: tableid=0, s=192.168.2.2 (Ethernet1/0), d=192.168.2.1 (Ethernet1/0), routed via RIB *Mar 8 12:48:15.119: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.2.1 (Ethernet1/0), len 172, rcvd 3 *Mar 8 12:48:15.123: WCCP-PKT:S00: Received valid Here_I_Am packet >>> >from 192.168.2.2 w/rcv_id 2378 *Mar 8 12:48:15.123: WCCP-PKT:S00: Sending I_See_You packet to 192.168.2.2 w/ rcv_id 2379 *Mar 8 12:48:15.123: IP: tableid=0, s=192.168.2.1 (local), d=192.168.2.2 (Ethernet1/0), routed via FIB *Mar 8 12:48:15.123: IP: s=192.168.2.1 (local), d=192.168.2.2 (Ethernet1/0), len 168, sending *Mar 8 12:48:15.299: IP: tableid=0, s=192.168.2.2 (Ethernet1/0), d=192.168.5.1 (FastEthernet0/1), routed via RIB *Mar 8 12:48:15.299: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.5.1, len 172, rcvd 4 *Mar 8 12:48:15.299: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2 w/bad rcv_id *Mar 8 12:48:15.299: WCCP-PKT:S00: Sending I_See_You packet to 192.168.2.2 w/ rcv_id 237A squid config wccp2_router 192.168.2.2 wccp2_address 192.168.0.1 #interface ip address wccp_version 4 wccp2_forwarding_method 1 # Gre for 1 L2rewriting for 2 wccp2_return_method 1 # Gre for 1 L2rewriting for 2 wccp2_assignment_method 1 Gre for 1 L2rewriting for 2 wccp2_weight 5 ***
Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp
What OS are you using? Did you had the chance of looking at: http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2 Eliezer On 07/11/2014 07:09 AM, johnzeng wrote:> Hello Dear Everyone: >> > >> >i config wccp mode recently , but i found http request don't succeed >> >to be sent via gre tunnel at wccp mode . >> > >> >This is my config , if possible , give me some advisement , Thanks again. >> > >> > >> > >> >19:36:58.728514 IP 192.168.5.66.37225 > 180.149.132.165.http: Flags >> >[F.], seq 0, ack 1, win 108, length 0 >> >19:37:00.304327 IP 192.168.5.66.41485 > >> >rev.opentransfer.com.28.147.130.98.in-addr.arpa.http: Flags [S], seq >> >2204475760, win 5840, options [mss 1460,sackOK,TS val 3757970 ecr >> >0,nop,wscale 6], length 0 >> >19:37:00.976403 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags >> >[S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758139 >> >ecr 0,nop,wscale 6], length 0 >> >19:37:03.597139 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags >> >[.], ack 2180972149, win 227, options [nop,nop,TS val 3758794 ecr >> >2556809136], length 0 >> >19:37:03.806973 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags >> >[.], ack 1, win 227, options [nop,nop,TS val 3758846 ecr >> >2556809198,nop,nop,sack 1 {0:1}], length 0 >> >19:37:03.976184 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags >> >[S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758889 >> >ecr 0,nop,wscale 6], >> > >> > >> >19:06:33.356333 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> >19:06:33.388306 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> >19:06:33.388565 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> >19:06:33.604188 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> >19:06:38.187049 IP 192.168.5.1 > 192.168.2.2: GREv0, length 60: >> >gre-proto-0x883e >> >19:06:41.931862 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> >19:06:42.434829 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> >19:06:55.047736 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: >> >gre-proto-0x883e >> > >> > >> > >> >*Mar 8 12:48:05.300: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2 >> >w/bad rcv_id >> >*Mar 8 12:48:05.300: WCCP-PKT:S00: Sending I_See_You packet to >> >192.168.2.2 w/ rcv_id 2378 >> >*Mar 8 12:48:05.300: IP: tableid=0, s=192.168.2.1 (local), >> >d=192.168.2.2 (Ethernet1/0), routed via FIB >> >*Mar 8 12:48:05.304: IP: s=192.168.2.1 (local), d=192.168.2.2 >> >(Ethernet1/0), len 168, sending >> >*Mar 8 12:48:05.580: IP: tableid=0, s=192.168.5.1 (local), >> >d=192.168.5.66 (FastEthernet0/1), routed via FIB >> >*Mar 8 12:48:05.584: IP: tableid=0, s=192.168.5.1 (local), >> >d=192.168.5.66 (FastEthernet0/1), routed via FIB >> > >> >*Mar 8 12:48:15.119: IP: tableid=0, s=192.168.2.2 (Ethernet1/0), >> >d=192.168.2.1 (Ethernet1/0), routed via RIB >> >*Mar 8 12:48:15.119: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.2.1 >> >(Ethernet1/0), len 172, rcvd 3 >> >*Mar 8 12:48:15.123: WCCP-PKT:S00: Received valid Here_I_Am packet >> >from 192.168.2.2 w/rcv_id 2378 >> >*Mar 8 12:48:15.123: WCCP-PKT:S00: Sending I_See_You packet to >> >192.168.2.2 w/ rcv_id 2379 >> >*Mar 8 12:48:15.123: IP: tableid=0, s=192.168.2.1 (local), >> >d=192.168.2.2 (Ethernet1/0), routed via FIB >> >*Mar 8 12:48:15.123: IP: s=192.168.2.1 (local), d=192.168.2.2 >> >(Ethernet1/0), len 168, sending >> >*Mar 8 12:48:15.299: IP: tableid=0, s=192.168.2.2 (Ethernet1/0), >> >d=192.168.5.1 (FastEthernet0/1), routed via RIB >> >*Mar 8 12:48:15.299: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.5.1, >> >len 172, rcvd 4 >> >*Mar 8 12:48:15.299: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2 >> >w/bad rcv_id >> >*Mar 8 12:48:15.299: WCCP-PKT:S00: Sending I_See_You packet to >> >192.168.2.2 w/ rcv_id 237A >> > >> > >> > >> > >> > >> > >> > >> >squid config >> > >> > >> >wccp2_router 192.168.2.2 >> > >> >wccp2_address 192.168.0.1 #interface ip address >> > >> >wccp_version 4 >> > >> >wccp2_forwarding_method 1 # Gre for 1 L2rewriting for 2 >> > >> >wccp2_return_method 1 # Gre for 1 L2rewriting for 2 >> > >> >wccp2_assignment_method 1 Gre for 1 L2rewriting for 2 >> > >> >wccp2_weight 5 >> > >> >* >> >other environment ( ip tunnel & iptables ) >> >* >> > >> >first step >> > >> >modprobe ip_gre >> > >> >ip tunnel add wccp0 mode gre remote 192.168.5.1 local 192.168.2.2 dev eth1 >> > >> > >> >second step >> > >> >ip addr add 10.1.1.2/24 dev wccp0 >> >ip route add 10.1.1.0/24 dev wccp0 >> >ip link set wccp0 up >> > >> >Or >> > >> >ifconfig wccp0 10.1.1.2 netmask 255.255.255.0 up >> >route add -net 10.1.1.0 netmask 255.25
[squid-users] sorry, i updated my email mode, and i have a question about wccp
Hello Dear Everyone: > > i config wccp mode recently , but i found http request don't succeed > to be sent via gre tunnel at wccp mode . > > This is my config , if possible , give me some advisement , Thanks again. > > > > 19:36:58.728514 IP 192.168.5.66.37225 > 180.149.132.165.http: Flags > [F.], seq 0, ack 1, win 108, length 0 > 19:37:00.304327 IP 192.168.5.66.41485 > > rev.opentransfer.com.28.147.130.98.in-addr.arpa.http: Flags [S], seq > 2204475760, win 5840, options [mss 1460,sackOK,TS val 3757970 ecr > 0,nop,wscale 6], length 0 > 19:37:00.976403 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags > [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758139 > ecr 0,nop,wscale 6], length 0 > 19:37:03.597139 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags > [.], ack 2180972149, win 227, options [nop,nop,TS val 3758794 ecr > 2556809136], length 0 > 19:37:03.806973 IP 192.168.5.66.58461 > 101.226.142.33.http: Flags > [.], ack 1, win 227, options [nop,nop,TS val 3758846 ecr > 2556809198,nop,nop,sack 1 {0:1}], length 0 > 19:37:03.976184 IP 192.168.5.66.40789 > 202.104.237.103.http: Flags > [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758889 > ecr 0,nop,wscale 6], > > > 19:06:33.356333 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > 19:06:33.388306 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > 19:06:33.388565 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > 19:06:33.604188 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > 19:06:38.187049 IP 192.168.5.1 > 192.168.2.2: GREv0, length 60: > gre-proto-0x883e > 19:06:41.931862 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > 19:06:42.434829 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > 19:06:55.047736 IP 192.168.5.1 > 192.168.2.2: GREv0, length 48: > gre-proto-0x883e > > > > *Mar 8 12:48:05.300: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2 > w/bad rcv_id > *Mar 8 12:48:05.300: WCCP-PKT:S00: Sending I_See_You packet to > 192.168.2.2 w/ rcv_id 2378 > *Mar 8 12:48:05.300: IP: tableid=0, s=192.168.2.1 (local), > d=192.168.2.2 (Ethernet1/0), routed via FIB > *Mar 8 12:48:05.304: IP: s=192.168.2.1 (local), d=192.168.2.2 > (Ethernet1/0), len 168, sending > *Mar 8 12:48:05.580: IP: tableid=0, s=192.168.5.1 (local), > d=192.168.5.66 (FastEthernet0/1), routed via FIB > *Mar 8 12:48:05.584: IP: tableid=0, s=192.168.5.1 (local), > d=192.168.5.66 (FastEthernet0/1), routed via FIB > > *Mar 8 12:48:15.119: IP: tableid=0, s=192.168.2.2 (Ethernet1/0), > d=192.168.2.1 (Ethernet1/0), routed via RIB > *Mar 8 12:48:15.119: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.2.1 > (Ethernet1/0), len 172, rcvd 3 > *Mar 8 12:48:15.123: WCCP-PKT:S00: Received valid Here_I_Am packet > from 192.168.2.2 w/rcv_id 2378 > *Mar 8 12:48:15.123: WCCP-PKT:S00: Sending I_See_You packet to > 192.168.2.2 w/ rcv_id 2379 > *Mar 8 12:48:15.123: IP: tableid=0, s=192.168.2.1 (local), > d=192.168.2.2 (Ethernet1/0), routed via FIB > *Mar 8 12:48:15.123: IP: s=192.168.2.1 (local), d=192.168.2.2 > (Ethernet1/0), len 168, sending > *Mar 8 12:48:15.299: IP: tableid=0, s=192.168.2.2 (Ethernet1/0), > d=192.168.5.1 (FastEthernet0/1), routed via RIB > *Mar 8 12:48:15.299: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.5.1, > len 172, rcvd 4 > *Mar 8 12:48:15.299: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2 > w/bad rcv_id > *Mar 8 12:48:15.299: WCCP-PKT:S00: Sending I_See_You packet to > 192.168.2.2 w/ rcv_id 237A > > > > > > > > squid config > > > wccp2_router 192.168.2.2 > > wccp2_address 192.168.0.1 #interface ip address > > wccp_version 4 > > wccp2_forwarding_method 1 # Gre for 1 L2rewriting for 2 > > wccp2_return_method 1 # Gre for 1 L2rewriting for 2 > > wccp2_assignment_method 1 Gre for 1 L2rewriting for 2 > > wccp2_weight 5 > > * > other environment ( ip tunnel & iptables ) > * > > first step > > modprobe ip_gre > > ip tunnel add wccp0 mode gre remote 192.168.5.1 local 192.168.2.2 dev eth1 > > > second step > > ip addr add 10.1.1.2/24 dev wccp0 > ip route add 10.1.1.0/24 dev wccp0 > ip link set wccp0 up > > Or > > ifconfig wccp0 10.1.1.2 netmask 255.255.255.0 up > route add -net 10.1.1.0 netmask 255.255.255.0 dev wccp0 > > > third step > > echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter > echo 0 >/proc/sys/net/ipv4/conf/eth1/rp_filter > echo 1 > /proc/sys/net/ipv4/ip_forward > > fouth step > > iptables -P INPUT ACCEPT > iptables -P OUTPUT ACCEPT > iptables -P FORWARD ACCEPT > iptables -A INPUT -i lo -j ACCEPT > iptables -A OUTPUT -o lo -j ACCEPT > iptables -A INPUT -i wccp0 -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables -A FORWARD -i wccp0