Re: [squid-users] Squid + RHEL4 + ip_gre issue
ons 2006-08-02 klockan 16:27 -0700 skrev Arnold Wang: > Is my reading on the trace correct? If so, does is really mean the > ip_gre module comes with RHEL 4 doesn't support WCCP? Is there a > way/command to verify whether the ip_gre module in my system supports > WCCP? Have you created the wccp gre tunnel to the router? (see FAQ) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
I believe so. Here is the configuration related to WCCP/GRE in my router: ip wccp version 1 ip wccp web-cache redirect-list 130 interface Tunnel0 ip address 192.168.1.7 255.255.255.254 tunnel source 10.17.2.65 tunnel destination 10.17.2.146 . interface Vlan13 ip address 10.17.11.2 255.255.255.0 ip wccp web-cache redirect in The configuration in the RHEL box: [EMAIL PROTECTED] ~]# ip tunnel show gre0: gre/ip remote any local any ttl inherit nopmtudisc wccp0: gre/ip remote 10.17.2.65 local 10.17.2.146 dev eth0 ttl inherit sit0: ipv6/ip remote any local any ttl 64 nopmtudisc Thanks for the reply. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 02, 2006 6:32 PM To: Arnold Wang Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Squid + RHEL4 + ip_gre issue ons 2006-08-02 klockan 16:27 -0700 skrev Arnold Wang: > Is my reading on the trace correct? If so, does is really mean the > ip_gre module comes with RHEL 4 doesn't support WCCP? Is there a > way/command to verify whether the ip_gre module in my system supports > WCCP? Have you created the wccp gre tunnel to the router? (see FAQ) Regards Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
ons 2006-08-02 klockan 22:22 -0700 skrev Arnold Wang: > The configuration in the RHEL box: > [EMAIL PROTECTED] ~]# ip tunnel show > gre0: gre/ip remote any local any ttl inherit nopmtudisc > wccp0: gre/ip remote 10.17.2.65 local 10.17.2.146 dev eth0 ttl > inherit > sit0: ipv6/ip remote any local any ttl 64 nopmtudisc what does "ip addr show dev wccp0" say? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
[EMAIL PROTECTED] tmp]# ip addr show dev wccp0 4: [EMAIL PROTECTED]: mtu 1476 qdisc noqueue link/gre 10.17.2.146 peer 10.17.2.65 inet 192.168.1.6/31 scope global wccp0 Thanks again for your kind helps. On Thu, 2006-08-03 at 08:44 +0200, Henrik Nordstrom wrote: > ons 2006-08-02 klockan 22:22 -0700 skrev Arnold Wang: > > > The configuration in the RHEL box: > > [EMAIL PROTECTED] ~]# ip tunnel show > > gre0: gre/ip remote any local any ttl inherit nopmtudisc > > wccp0: gre/ip remote 10.17.2.65 local 10.17.2.146 dev eth0 ttl > > inherit > > sit0: ipv6/ip remote any local any ttl 64 nopmtudisc > > what does "ip addr show dev wccp0" say? > > Regards > Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
Looks fine. And "cat /proc/sys/net/ipv4/conf/wccp0/rp_filter"? (should be 0) Regards Henrik tor 2006-08-03 klockan 10:34 -0700 skrev Arnold Wang: > [EMAIL PROTECTED] tmp]# ip addr show dev wccp0 > 4: [EMAIL PROTECTED]: mtu 1476 qdisc noqueue > link/gre 10.17.2.146 peer 10.17.2.65 > inet 192.168.1.6/31 scope global wccp0 > > Thanks again for your kind helps. > > On Thu, 2006-08-03 at 08:44 +0200, Henrik Nordstrom wrote: > > ons 2006-08-02 klockan 22:22 -0700 skrev Arnold Wang: > > > > > The configuration in the RHEL box: > > > [EMAIL PROTECTED] ~]# ip tunnel show > > > gre0: gre/ip remote any local any ttl inherit nopmtudisc > > > wccp0: gre/ip remote 10.17.2.65 local 10.17.2.146 dev eth0 ttl > > > inherit > > > sit0: ipv6/ip remote any local any ttl 64 nopmtudisc > > > > what does "ip addr show dev wccp0" say? > > > > Regards > > Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
Yes, I did change those system settings mentioned in FAQ, including enabling routing, etc. [EMAIL PROTECTED] awang] $cat /proc/sys/net/ipv4/conf/wccp0/rp_filter 0 On Thu, 2006-08-03 at 20:06 +0200, Henrik Nordstrom wrote: > Looks fine. > > And "cat /proc/sys/net/ipv4/conf/wccp0/rp_filter"? > > (should be 0) > > Regards > Henrik > > tor 2006-08-03 klockan 10:34 -0700 skrev Arnold Wang: > > [EMAIL PROTECTED] tmp]# ip addr show dev wccp0 > > 4: [EMAIL PROTECTED]: mtu 1476 qdisc noqueue > > link/gre 10.17.2.146 peer 10.17.2.65 > > inet 192.168.1.6/31 scope global wccp0 > > > > Thanks again for your kind helps. > > > > On Thu, 2006-08-03 at 08:44 +0200, Henrik Nordstrom wrote: > > > ons 2006-08-02 klockan 22:22 -0700 skrev Arnold Wang: > > > > > > > The configuration in the RHEL box: > > > > [EMAIL PROTECTED] ~]# ip tunnel show > > > > gre0: gre/ip remote any local any ttl inherit nopmtudisc > > > > wccp0: gre/ip remote 10.17.2.65 local 10.17.2.146 dev eth0 ttl > > > > inherit > > > > sit0: ipv6/ip remote any local any ttl 64 nopmtudisc > > > > > > what does "ip addr show dev wccp0" say? > > > > > > Regards > > > Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
If you run tcpdump -n -i wccp0, do you see any traffic? Regards Henrik tor 2006-08-03 klockan 12:03 -0700 skrev Arnold Wang: > Yes, I did change those system settings mentioned in FAQ, including > enabling routing, etc. > > [EMAIL PROTECTED] awang] > $cat /proc/sys/net/ipv4/conf/wccp0/rp_filter > 0 signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
Yes. I included in my original post. I include my read on it as well. - begin of the trace -- 1 0.00192.168.1.6 192.168.1.7 WCCP 1.0 Here I am -> Squid tries to register with the router. 2 0.000960192.168.1.7 192.168.1.6 WCCP 1.0 I see you -> Router sees it and registers it. 3 3.40843110.17.11.20 209.131.36.158TCP 34121 > http [SYN] Seq=0 Len=0 MSS=1460 TSV=100191619 TSER=0 WS=2 -> Client tries to access a web site and the router forwards it to the Squid machine. 4 3.408469192.168.1.6 204.146.97.xx ICMP Destination unreachable (Protocol unreachable) -> Here I think indicates the problem which is the ip_gre doesn't know how to decapsulate the gre-ed WCCP packet. It send an ICMP packet back to the router with Protocol unreachable error. - end of the trace -- Thanks again for your help. On Thu, 2006-08-03 at 22:00 +0200, Henrik Nordstrom wrote: > If you run tcpdump -n -i wccp0, do you see any traffic? > > Regards > Henrik > > tor 2006-08-03 klockan 12:03 -0700 skrev Arnold Wang: > > Yes, I did change those system settings mentioned in FAQ, including > > enabling routing, etc. > > > > [EMAIL PROTECTED] awang] > > $cat /proc/sys/net/ipv4/conf/wccp0/rp_filter > > 0 >
RE: [squid-users] Squid + RHEL4 + ip_gre issue
tor 2006-08-03 klockan 13:33 -0700 skrev Arnold Wang: > Yes. I included in my original post. That traffic was on eth0, not on wccp0. > > If you run tcpdump -n -i wccp0, do you see any traffic? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
I'm sorry I forgot it's from the eth0 packet. I do see traffics on wccp0 as well. [EMAIL PROTECTED] local]# tethereal -i wccp0 tethereal: WARNING: arptype 778 not supported by libpcap - falling back to cooked socket. Capturing on wccp0 0.00 192.168.1.6 -> 192.168.1.7 WCCP 1.0 Here I am 0.000967 192.168.1.7 -> 192.168.1.6 WCCP 1.0 I see you 10.435223 192.168.1.6 -> 192.168.1.7 WCCP 1.0 Here I am 10.436387 192.168.1.7 -> 192.168.1.6 WCCP 1.0 I see you 14.871173 10.17.11.20 -> 209.131.36.158 TCP 33340 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=77188263 TSER=0 WS=2 The reason I didn't post this was it didn't show the ICMP packet. When you asked for trace from wccp0, I forgot the one I posted was from eth0. I apologize again. On Thu, 2006-08-03 at 23:07 +0200, Henrik Nordstrom wrote: > tor 2006-08-03 klockan 13:33 -0700 skrev Arnold Wang: > > Yes. I included in my original post. > > That traffic was on eth0, not on wccp0. > > > > If you run tcpdump -n -i wccp0, do you see any traffic? > > Regards > Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
tor 2006-08-03 klockan 14:40 -0700 skrev Arnold Wang: > I'm sorry I forgot it's from the eth0 packet. I do see traffics on wccp0 > as well. > > [EMAIL PROTECTED] local]# tethereal -i wccp0 > tethereal: WARNING: arptype 778 not supported by libpcap - falling back > to cooked socket. > Capturing on wccp0 > 0.00 192.168.1.6 -> 192.168.1.7 WCCP 1.0 Here I am > 0.000967 192.168.1.7 -> 192.168.1.6 WCCP 1.0 I see you > 10.435223 192.168.1.6 -> 192.168.1.7 WCCP 1.0 Here I am > 10.436387 192.168.1.7 -> 192.168.1.6 WCCP 1.0 I see you Odd.. I would not expect the WCCP chatter to be seen here... > 14.871173 10.17.11.20 -> 209.131.36.158 TCP 33340 > http [SYN] Seq=0 > Ack=0 Win=5840 Len=0 MSS=1460 TSV=77188263 TSER=0 WS=2 This looks like an intercepted packet. So the GRE probably works.. (maybe... the WCCP stuff above worries me..) For now assuming the GRE does work. What does your iptables rules look like? iptables-save Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
1. Can you explain to me your concern on the WCCP chat you saw on wccp0 interface? I thought they're belong there. 2. The iptables rules look like this. [EMAIL PROTECTED] ~]# iptables-save # Generated by iptables-save v1.2.11 on Thu Aug 3 17:17:18 2006 *filter :INPUT ACCEPT [312:26614] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [226:28523] COMMIT # Completed on Thu Aug 3 17:17:18 2006 # Generated by iptables-save v1.2.11 on Thu Aug 3 17:17:18 2006 *nat :PREROUTING ACCEPT [59:6147] :POSTROUTING ACCEPT [4:352] :OUTPUT ACCEPT [4:352] -A PREROUTING -s 10.0.0.0/255.0.0.0 -d ! 10.0.0.0/255.0.0.0 -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.17.2.146:3128 COMMIT # Completed on Thu Aug 3 17:17:18 2006 3. Take a look the following, if I read it correctly, I'm not family with iptables/netfilter, it doesn't looks like the DNAT rule has ever been triggered, which makes me further believe the encapsulated WCCP packets were decapsulted properly. [EMAIL PROTECTED] ~]# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- 10.0.0.0/8 !10.0.0.0/8 tcp dpt:http to:10.17.2.146:3128 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [EMAIL PROTECTED] ~]# iptables -t nat -L -v Chain PREROUTING (policy ACCEPT 182 packets, 20521 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- wccp0 any 10.0.0.0/8 !10.0.0.0/8 tcp dpt:http to:10.17.2.146:3128 Chain POSTROUTING (policy ACCEPT 19 packets, 1291 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 19 packets, 1291 bytes) pkts bytes target prot opt in out source destination -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, August 03, 2006 3:22 PM To: Arnold Wang Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Squid + RHEL4 + ip_gre issue tor 2006-08-03 klockan 14:40 -0700 skrev Arnold Wang: > I'm sorry I forgot it's from the eth0 packet. I do see traffics on wccp0 > as well. > > [EMAIL PROTECTED] local]# tethereal -i wccp0 > tethereal: WARNING: arptype 778 not supported by libpcap - falling back > to cooked socket. > Capturing on wccp0 > 0.00 192.168.1.6 -> 192.168.1.7 WCCP 1.0 Here I am > 0.000967 192.168.1.7 -> 192.168.1.6 WCCP 1.0 I see you > 10.435223 192.168.1.6 -> 192.168.1.7 WCCP 1.0 Here I am > 10.436387 192.168.1.7 -> 192.168.1.6 WCCP 1.0 I see you Odd.. I would not expect the WCCP chatter to be seen here... > 14.871173 10.17.11.20 -> 209.131.36.158 TCP 33340 > http [SYN] Seq=0 > Ack=0 Win=5840 Len=0 MSS=1460 TSV=77188263 TSER=0 WS=2 This looks like an intercepted packet. So the GRE probably works.. (maybe... the WCCP stuff above worries me..) For now assuming the GRE does work. What does your iptables rules look like? iptables-save Regards Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
On Thu, 2006-08-03 at 17:25 -0700, Arnold Wang wrote: > 1. Can you explain to me your concern on the WCCP chat you saw on wccp0 > interface? I thought they're belong there. The WCCP control traffic should go over the IP network, not encapsulated in GRE. The rest looks fine (assuming IP addresses on the WCCP interface actually match the GRE traffic your router sends), and should work from what I understand. But that kernel is a bit old and it's possible the WCCP part of ip_gre maybe isn't fully operational there. Regards Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
Thanks for the response. See my comments below. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Friday, August 04, 2006 4:57 AM To: Arnold Wang Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Squid + RHEL4 + ip_gre issue On Thu, 2006-08-03 at 17:25 -0700, Arnold Wang wrote: > 1. Can you explain to me your concern on the WCCP chat you saw on wccp0 > interface? I thought they're belong there. The WCCP control traffic should go over the IP network, not encapsulated in GRE. [Arnold Wang] This reminds me the odd thing I ignored earlier which is I have to define the dummy IP of the router GRE interface as the wccp_router in the Squid for it to register with router properly. I thought it was strange, however I chose to ignore it. I think that's the reason the control traffics go through the tunnel as well. The rest looks fine (assuming IP addresses on the WCCP interface actually match the GRE traffic your router sends), and should work from what I understand. But that kernel is a bit old and it's possible the WCCP part of ip_gre maybe isn't fully operational there. [Arnold Wang] That's what I'm afraid. Do you happen to know whether there's a way to verify the ip_gre module in my system supports WCCP, as it should be? I have a case opened already with Redhat as well. Regards Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
fre 2006-08-04 klockan 09:29 -0700 skrev Arnold Wang: > This reminds me the odd thing I ignored earlier which is I > have to define the dummy IP of the router GRE interface as the > wccp_router in the Squid for it to register with router properly. What GRE interface on the router? Have you created a GRE tunnel from the router to the cache? This should not be done. The router automatically sets up the needed GRE stuff internally when the cache registers. > I > thought it was strange, however I chose to ignore it. I think that's the > reason the control traffics go through the tunnel as well. Maybe. Not an IOS expert. > That's what I'm afraid. Do you happen to know whether > there's a way to verify the ip_gre module in my system supports WCCP, as > it should be? I have a case opened already with Redhat as well. Get the source rpm, unpack the sources and look in net/ipv4/ip_gre.c Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
Thanks for the suggestion. I did configure a GRE tunnel from the router to the Squid. Maybe that caused all my problems. I'll look into that again. I did install the kernel-devel package from Redhat and tried to look for the ip_gre.c file and didn't find it. I guess I didn't look hard enough. Thanks again for your helps. They're very helpful. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Friday, August 04, 2006 9:57 AM To: Arnold Wang Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Squid + RHEL4 + ip_gre issue fre 2006-08-04 klockan 09:29 -0700 skrev Arnold Wang: > This reminds me the odd thing I ignored earlier which is I > have to define the dummy IP of the router GRE interface as the > wccp_router in the Squid for it to register with router properly. What GRE interface on the router? Have you created a GRE tunnel from the router to the cache? This should not be done. The router automatically sets up the needed GRE stuff internally when the cache registers. > I > thought it was strange, however I chose to ignore it. I think that's the > reason the control traffics go through the tunnel as well. Maybe. Not an IOS expert. > That's what I'm afraid. Do you happen to know whether > there's a way to verify the ip_gre module in my system supports WCCP, as > it should be? I have a case opened already with Redhat as well. Get the source rpm, unpack the sources and look in net/ipv4/ip_gre.c Regards Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
fre 2006-08-04 klockan 10:32 -0700 skrev Arnold Wang: > I did install the kernel-devel package from Redhat and tried to look for > the ip_gre.c file and didn't find it. I guess I didn't look hard enough. > Thanks again for your helps. They're very helpful. The kernel source is in the source rpm (kernel-src.rpm) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
I thought RedHat changed their kernel source distribution package. BTW, just to confirm, I don't need any GRE configuration on the router side at all, is this correct? Do I have to specify the wccp_ip incoming/outgoing address for Squid? It seems I having trouble to have Squid registering with the router after I removed the GRE definition in the router. Here are what the router and Squid configuration looks like, I'll read though the FAQ again, however would you be kind enough to check whether I missed anything? --- router configuration --- ip wccp version 1 ip wccp web-cache redirect-list 130 interface Vlan13 <-- VLAN Interface where the client comes from ... ip wccp web-cache redirect in ... WCCP status in router --- switchdc1#sh ip wccp Global WCCP information: Router information: Router Identifier: 204.146.97.65 Protocol Version:1.0 Service Identifier: web-cache Number of Cache Engines: 0 Number of routers: 1 Total Packets Redirected:559 Redirect access-list:130 Total Packets Denied Redirect: 12930 Total Packets Unassigned:0 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 --- Squid configuration --- wccp_router 204.146.97.65 wccp_version 4 wccp_incoming_address 192.168.1.6 <--- GRE IP wccp_outgoing_address 10.17.2.146 <--- eth0 IP I have tried without specifying the incoming/outgoing IPs and it didn't work neither. On Fri, 2006-08-04 at 19:44 +0200, Henrik Nordstrom wrote: > fre 2006-08-04 klockan 10:32 -0700 skrev Arnold Wang: > > > I did install the kernel-devel package from Redhat and tried to look for > > the ip_gre.c file and didn't find it. I guess I didn't look hard enough. > > Thanks again for your helps. They're very helpful. > > The kernel source is in the source rpm (kernel-src.rpm) > > Regards > Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
That is the problem. mismatched IP addresses between the router and Squid. There're multiple IPs in the router and it picks 204.146.97.x as its WCCP IP and it seems no way to modify it, I have a case opened now with Cisco to confirm. The Squid has 10.17.2.x IP. I just added another interface in the Squid machine and assign it a 204.146.97.x address for all the WCCP traffics and everything starts working. Thank you very much for the helps. On Fri, 2006-08-04 at 11:12 -0700, Arnold Wang wrote: > I thought RedHat changed their kernel source distribution package. > BTW, just to confirm, I don't need any GRE configuration on the router > side at all, is this correct? > Do I have to specify the wccp_ip incoming/outgoing address for Squid? It > seems I having trouble to have Squid registering with the router after I > removed the GRE definition in the router. > Here are what the router and Squid configuration looks like, I'll read > though the FAQ again, however would you be kind enough to check whether > I missed anything? > > --- router configuration --- > ip wccp version 1 > ip wccp web-cache redirect-list 130 > > interface Vlan13 <-- VLAN Interface where the client comes from > ... > ip wccp web-cache redirect in > ... > > WCCP status in router --- > switchdc1#sh ip wccp > Global WCCP information: > Router information: > Router Identifier: 204.146.97.65 > Protocol Version:1.0 > > Service Identifier: web-cache > Number of Cache Engines: 0 > Number of routers: 1 > Total Packets Redirected:559 > Redirect access-list:130 > Total Packets Denied Redirect: 12930 > Total Packets Unassigned:0 > Group access-list: -none- > Total Messages Denied to Group: 0 > Total Authentication failures: 0 > > > --- Squid configuration --- > wccp_router 204.146.97.65 > wccp_version 4 > wccp_incoming_address 192.168.1.6 <--- GRE IP > wccp_outgoing_address 10.17.2.146 <--- eth0 IP > I have tried without specifying the incoming/outgoing IPs and it didn't > work neither. > > > > On Fri, 2006-08-04 at 19:44 +0200, Henrik Nordstrom wrote: > > fre 2006-08-04 klockan 10:32 -0700 skrev Arnold Wang: > > > > > I did install the kernel-devel package from Redhat and tried to look for > > > the ip_gre.c file and didn't find it. I guess I didn't look hard enough. > > > Thanks again for your helps. They're very helpful. > > > > The kernel source is in the source rpm (kernel-src.rpm) > > > > Regards > > Henrik
RE: [squid-users] Squid + RHEL4 + ip_gre issue
fre 2006-08-04 klockan 11:12 -0700 skrev Arnold Wang: > I thought RedHat changed their kernel source distribution package. They don't distribute the kernel source as a binary rpm any longer. Only as a source rpm just like how it's done for all other rpms. > BTW, just to confirm, I don't need any GRE configuration on the router > side at all, is this correct? Correct. > Do I have to specify the wccp_ip incoming/outgoing address for Squid? Shouldn't be needed. > That is the problem. mismatched IP addresses between the router and > Squid. Good, you found the problem. > There're multiple IPs in the router and it picks 204.146.97.x as its > WCCP IP and it seems no way to modify it, I have a case opened now with > Cisco to confirm. The Squid has 10.17.2.x IP. Not sure this is a problem.. You should be able to ask Squid to register to that router IP. In worst case adding a route if that IP is not normally going via the router for some strange reason.. > I just added another interface in the Squid machine and assign it a > 204.146.97.x address for all the WCCP traffics and everything starts > working. Not sure why you needed to add another interface. You can have as many IP addresses and network you like per NIC.. Only if you need to physically connect differently is a second NIC needed.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Squid + RHEL4 + ip_gre issue
Just heard from Cisco that there maybe a bug in the router causes the strange behaviors I'm seeing. He is doing more research to confirm that. Regarding the second NIC, it's just my quick dirty solution to test my suspect, those two IPs are in different VLANs. Sure I can use VLAN feature in Linux to achieve that as well. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Friday, August 04, 2006 2:36 PM To: Arnold Wang Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Squid + RHEL4 + ip_gre issue fre 2006-08-04 klockan 11:12 -0700 skrev Arnold Wang: > I thought RedHat changed their kernel source distribution package. They don't distribute the kernel source as a binary rpm any longer. Only as a source rpm just like how it's done for all other rpms. > BTW, just to confirm, I don't need any GRE configuration on the router > side at all, is this correct? Correct. > Do I have to specify the wccp_ip incoming/outgoing address for Squid? Shouldn't be needed. > That is the problem. mismatched IP addresses between the router and > Squid. Good, you found the problem. > There're multiple IPs in the router and it picks 204.146.97.x as its > WCCP IP and it seems no way to modify it, I have a case opened now with > Cisco to confirm. The Squid has 10.17.2.x IP. Not sure this is a problem.. You should be able to ask Squid to register to that router IP. In worst case adding a route if that IP is not normally going via the router for some strange reason.. > I just added another interface in the Squid machine and assign it a > 204.146.97.x address for all the WCCP traffics and everything starts > working. Not sure why you needed to add another interface. You can have as many IP addresses and network you like per NIC.. Only if you need to physically connect differently is a second NIC needed.. Regards Henrik