Hello,
thanks for the advice, I'll proceed and add the new ACL.
In the meantime, to answer your question:
yes, Squid is on the same interface as all the other clients. What sort of entries should I add to that access list?

PS: my IOS is Version 12.4(17b), RELEASE SOFTWARE (fc2) Cisco 2811 (revision 53.51)


--------------------------------------------------
From: "Ritter, Nicholas" <nicholas.rit...@americantv.com>
Sent: Monday, January 05, 2009 9:23 PM
To: <r_o_l_a_...@hotmail.com>; <sq...@vdvyver.net>
Cc: <squid-users@squid-cache.org>
Subject: RE: [squid-users] transparent proxy not working!! any advice?

The error on the Cisco router is stating that the squid box is trying to tell the router that it is able to service the wccp group 80 and 90, but for some reason the router does not see those groups as ones it is servicing.

This is odd. Try doing the following in the router:

access-list 180 permit ip any any
ip wccp web-cache redirect-list 180
ip wccp 80 redirect-list 180
ip wccp 90 redirect-list 180

Is the squid box on the same router interface as the rest of the clients? If it is, you may need to add lines to the access-list 180, or put the squid box on the secondary interface of the router and do a "ip wccp redirect exclude in" statement on that interface.

Which IOS feature set and version is this?

WCCP is buggy in some IOS releases.



________________________________

From: r_o_l_a_...@hotmail.com [mailto:r_o_l_a_...@hotmail.com]
Sent: Mon 1/5/2009 8:43 AM
To: sq...@vdvyver.net
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] transparent proxy not working!! any advice?



Hello,
Actually, I have both of them set on the LAN interface (am I mistaken to set the "redirect out" on the LAN interface? Should I be setting it on the interface facing the internet?)

ip wccp 80 redirect in
ip wccp 90 redirect out

as for the wiki provided, I fail to see what's missing!
obviously there is something, but I'm not detecting it!



--------------------------------------------------
From: "Regardt van de Vyver" <sq...@vdvyver.net>
Sent: Monday, January 05, 2009 12:46 AM
Cc: <squid-users@squid-cache.org>
Subject: Re: [squid-users] transparent proxy not working!! any advice?

Roland Roland wrote:
Hello,
the output of the debugging is as such:



*Jan 4 23:16:43.205: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183: service not active
*Jan 4 23:16:43.205: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183: service not active

what service is that?!



--------------------------------------------------
From: "Regardt van de Vyver" <sq...@vdvyver.net>
Sent: Sunday, January 04, 2009 9:33 PM
Cc: <squid-users@squid-cache.org>
Subject: Re: [squid-users] transparent proxy not working!! any advice?

Roland Roland wrote:
I've just created a new box with the following options,
but WCCP with the router is still not working!
any advice?


using centos 5.2
and squid 2.6
firewall enabled
SElinux permissive
-------------------------------------------------------
done the following:

yum update yum

yum install squid

squid -z
-------------------------------------------------------
gedit /etc/rc.d/init.d/rc.local

#added:
modprobe ip_gre
ifconfig gre0 192.168.0.183 netmask 255.255.255.0 up
#this is the same ip as my eth0

----------------------------------------------------
gedit /etc/sysconfig/iptables

#added:
-A INPUT -i gre0 -j ACCEPT
-A INPUT -i gre0 -j ACCEPT
-A INPUT -p gre -j ACCEPT
#my routers lan interface 192.168.0.1
-A RH-Firewall-1-INPUT -s 192.168.0.1/24 -p udp -m udp --dport 2048 -j ACCEPT
-------------------------------------------------------
service iptables condrestart
--------------------------------------------------------
gedit /etc/squid/squid.conf

#edited/added the following:
http_port 80 transparent
http_access allow all
wccp2_router 192.168.0.1
wccp_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service dynamic 80
wccp2_service dynamic 90
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
----------------------------------------------------------
Cisco router 2811 side:

conf t
ip wccp version 2
ip wccp web-cache

int f0/1 (Lan interface)
ip wccp 80 redirect in
ip wccp 90 redirect out
----------------------------------------------------------
service squid restart

then sh ip wccp on router gave me all hits as 0 no hits from squid to router!!
----------------------------------------------------------

service iptables status

[r...@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     47   --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5900
12   ACCEPT     udp  --  192.168.0.0/24       0.0.0.0/0           udp dpt:2048
13   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited


---------------------------------------------------------------------------



lsmod:

Module                  Size  Used by
ip_conntrack_netbios_ns     6977  0
xt_state                6209  4
ip_conntrack           53025  2 ip_conntrack_netbios_ns,xt_state
nfnetlink              10713  1 ip_conntrack
iptable_filter          7105  1
ip_tables              17029  1 iptable_filter
ip6table_filter         6849  1
ip6_tables             18053  1 ip6table_filter
nls_utf8                6208  1
ip_gre                 16737  0
autofs4                24517  2
hidp                   23105  2
rfcomm                 42457  0
l2cap                  29505  10 hidp,rfcomm
bluetooth              53797  5 hidp,rfcomm,l2cap
sunrpc                144893  1
ipt_REJECT              9537  1
ip6t_REJECT             9409  1
xt_tcpudp               7105  15
x_tables               17349  6 xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
dm_multipath           22089  0
video                  21193  0
sbs                    18533  0
backlight              10049  1 video
i2c_ec                  9025  1 sbs
button                 10705  0
battery                13637  0
asus_acpi              19289  0
ac                      9157  0
ipv6                  258273  17 ip6t_REJECT
xfrm_nalgo             13765  1 ipv6
crypto_api             11969  1 xfrm_nalgo
lp                     15849  0
floppy                 57125  0
i2c_piix4              12237  0
pcnet32                35141  0
pcspkr                  7105  0
i2c_core               23745  2 i2c_ec,i2c_piix4
mii                     9409  1 pcnet32
ide_cd                 40033  1
cdrom                  36705  1 ide_cd
parport_pc             29157  1
serio_raw              10693  0
parport                37513  2 lp,parport_pc
dm_snapshot            21477  0
dm_zero                 6209  0
dm_mirror              29125  0
dm_mod                 61405  9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
ata_piix               22341  0
libata                143997  1 ata_piix
sd_mod                 24897  0
scsi_mod              134605  2 libata,sd_mod
ext3                  123593  2
jbd                    56553  1 ext3
uhci_hcd               25421  0
ohci_hcd               23261  0
ehci_hcd               33357  0

------------------------------------------------------------------------


ifconfig:

[r...@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:F8:D0:AF
         inet addr:192.168.0.183  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fef8:d0af/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:29956 errors:0 dropped:0 overruns:0 frame:0
         TX packets:11948 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:3673892 (3.5 MiB)  TX bytes:7234153 (6.8 MiB)
         Interrupt:169 Base address:0x2000

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-B2-BF-68-33-00-00-00-00-00-00-00-00
         inet addr:192.168.0.183  Mask:255.255.255.0
         UP RUNNING NOARP  MTU:1476  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:2926 errors:0 dropped:0 overruns:0 frame:0
         TX packets:2926 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:3257748 (3.1 MiB)  TX bytes:3257748 (3.1 MiB)

-------------------------------------------------------------------------------



Hi Roland,

Have you had a look at the WCCP debugging messages on the Cisco?
eg. on the cisco
   debug ip wccp events
   debug ip wccp packets
   terminal monitor

That should give you some indication of wccp activity, also what does
"sh ip wccp web-cache detail" show?

Regardt



Hi Roland,

Off the bat I'd guess it's a missing
"ip wccp 80" and a "ip wccp 90" on the Cisco.

Also, just rechecking your config I'm wondering about missing /proc bits
as per:
http://wiki.squid-cache.org/ConfigExamples/MultiplePortsWithWccp2

Regardt
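
The mismatch diagnosed in this thread (Squid announcing service groups 80 and 90 while the router only has "ip wccp web-cache" enabled globally) can be checked offline before touching the router. This is an added example, not part of the original thread: the function names are hypothetical, the sample inputs are constructed from the settings and debug lines quoted above, and reading "D80"/"D90" in the debug output as dynamic service 80/90 is an assumption.

```python
import re

# Constructed inputs, taken from the settings and debug lines quoted in this thread.
SQUID_CONF = """\
wccp2_router 192.168.0.1
wccp2_service dynamic 80
wccp2_service dynamic 90
"""
ROUTER_CONF = """\
ip wccp version 2
ip wccp web-cache
int f0/1
ip wccp 80 redirect in
ip wccp 90 redirect out
"""
ROUTER_DEBUG = """\
*Jan 4 23:16:43.205: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183: service not active
*Jan 4 23:16:43.205: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183: service not active
"""

def squid_services(conf):
    """Service groups Squid announces: 'web-cache' (standard 0) or a dynamic id."""
    pat = r"^[ \t]*wccp2_service[ \t]+(standard|dynamic)[ \t]+(\d+)"
    return {"web-cache" if kind == "standard" else int(num)
            for kind, num in re.findall(pat, conf, re.M)}

def router_global_services(conf):
    """Groups enabled globally; per-interface 'redirect in/out' lines do not count."""
    pat = r"^[ \t]*ip wccp (web-cache|\d+)(?!\s+redirect\s)(?:[ \t]|$)"
    return {s if s == "web-cache" else int(s) for s in re.findall(pat, conf, re.M)}

def rejected_hello(log):
    """(service, cache IP) pairs the router refused; 'D<n>' is assumed to mean dynamic n."""
    pat = r"WCCP-EVNT:D(\d+): Here_I_Am packet from ([\d.]+): service not active"
    return {(int(s), ip) for s, ip in re.findall(pat, log)}

def missing_on_router(squid_conf, router_conf):
    """Groups Squid registers for that the router has not enabled globally."""
    return squid_services(squid_conf) - router_global_services(router_conf)

if __name__ == "__main__":
    for svc in sorted(missing_on_router(SQUID_CONF, ROUTER_CONF), key=str):
        print(f"router has no global 'ip wccp {svc}' for the group Squid announces")
    for svc, cache in sorted(rejected_hello(ROUTER_DEBUG)):
        print(f"router rejected Here_I_Am for service {svc} from {cache}")
```

Once the global "ip wccp 80" and "ip wccp 90" statements suggested in the thread are present in the router configuration, missing_on_router() returns an empty set.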





