To: "'Eric J Merkel'" <[EMAIL PROTECTED]>; "'Squid'" <[EMAIL PROTECTED]>
Sent: Tuesday, December 07, 2004 12:28 AM
Subject: RE: [squid-users] Problem with WCCP on OpenBSD
Hi Eric, I have never worked with OpenBSD but a lot with FreeBSD. Is your OpenBSD using a standard GRE or you have had to "patch" it in? I experienced something very similar to what you have described on FreeBSD 4.9 and 4.10 when I tried to implement WCCP. I must ad that this used o work fine on previous versions where we had to put in a patch. I could not get round it despite following different sets of instructions and the "gre man" on my system. In fact I had to fallback on LINUX to get my WCCP working.
Ralph
Well, I was really hoping to not have to fall back to linux. I really believe my problem has something to do with the GRE tunnel. I enabled a kernel option net.inet.gre.wccp=1 which I believe is all I need. When I had just net.inet.gre.allow turned on, I was getting port 47 unreachable. I saw several posts on Google talking about a patch for FreeBSD but no word of such a one for OpenBSD.
If I set the browser proxy to port 80 on the squid box, the redirection to port 3128 is working as well. This is what has lead me to believe it has to be an issue with the GRE encapsulation/unencapsulation. I am not that familiar with GRE so I wasn't sure if I needed a gre0 interface enabled on my system or if I needed to create a tunnel between the router and my squid box.
Any other thoughts of things to try before I punt and load linux?
Eric
-----Original Message----- From: Eric J Merkel [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 10:14 PM To: Squid Subject: [squid-users] Problem with WCCP on OpenBSD
I just loaded squid-2.5.STABLE7 on an OpenBSD 3.6 machine. Squid seems to be
working fine when I setup a browser proxy directly to port 3128. However, I
am attempting to setup WCCP on the Cisco router(IOS 12.2) to redirect web
traffic to the Squid cache and have run into a bit of a problem.
The Cisco shows the squid cache is available and is communication with all
the normal HERE_I_AM/I_SEE_YOU messages. The WCCP counters are incrementing
when I try to hit a web site and I see the router is redirecting packets to
the cache but the access.log does not show the requests making it to Squid.
I am assuming that my port 80->3128 redirection or the GRE un-encapsulation
is not happening right.
Here is my PF translation rule: rdr on fxp0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128
I do have "net.inet.ip.forwarding=1" and "net.inet.gre.wccp=1" set. I have compiled squid with the "enable-pf-transparent" option.
Here is a short snippet from a tcpdump of the router when trying to access a
web site via WCCP.
15:03:08.951713 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 15:03:19.140050 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52 15:03:19.141997 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 15:03:20.131678 gre-proto-0x883e (gre encap) 15:03:23.128623 gre-proto-0x883e (gre encap) 15:03:29.138911 gre-proto-0x883e (gre encap) 15:03:29.160045 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52 15:03:29.161871 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64
Anyone, have any idea what I missed or am doing wrong?
Thanks in advance!
=== Eric Merkel MetaLINK Technologies, Inc
