Hi Amos,
Thank you very much.
This is ifconfig result of the squid server.
But it works in transparent mode. but why not in tproxy ?
eth0 Link encap:Ethernet HWaddr
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.xx Mask:255.255.255.252
inet6 addr: fe80::21a:4bff:fe34:9af0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2435572 errors:0 dropped:0 overruns:0 frame:0
TX packets:2694449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1371738325 (1.2 GiB) TX bytes:1495109099 (1.3 GiB)
Interrupt:16 Memory:f8000000-f8012100
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2715 errors:0 dropped:0 overruns:0 frame:0
TX packets:2715 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:216227 (211.1 KiB) TX bytes:216227 (211.1 KiB)
wccp Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:xx.xx.xx.xx P-t-P:xx.xx.xx.xx Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:1298005 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:142161462 (135.5 MiB) TX bytes:0 (0.0 b)
WCCP -- GRE tunnel interface.
Thanks,
vk
vivek...@aol.in wrote:
Amos,
Thanks again for your reply.
We have configured squid + Tproxy + WCCP and client ip is redirect to
the web server, but browser shows a connection timeout(110) error and
it
takes a long time even to display this error message. The access.log
shows long timestamp value.
forward log shows the request has been forwarded. Squid wotks
perfectly
fine when configured as transparent proxy.
Aha. Check MTUs. This type of forwarded and no reply issue is usually
seen on links where MTU-discovery is broken.
It may be that there are ICMP info packets being sent to the client
instead of Squid.
Amos
We need your valuable advice and if possible can you point out few
areas
where are all the possibilities for the problems to arise.
Thanks,
vk
vivek...@aol.in wrote:
Amos,
Thanks for your reply.
Sorry, we are not using TPROXY but cttporxy 2.6.20-2.0.6, iptables
1.3.8
and linux kernal 2.6.20.21.
Cisco IOS 2800 Ver 12.4 (13b)
WCCP+Tranparent proxy works good. Trproxy without wccp works well by
not
revealing the server ip and only displaying the client ip. But once
the
wccp is enabled with tproxy, the sever ip is revealed instead of the
client ip.
Please scroll down below to check our previous mails.
Any suggestions please.
Other than checking your squid is built with --enable-linux-tproxy,
none
from me sorry.
cttproxy was obsolete and officially unsupported before I ever heard
of it.
Amos
VK
-----Original Message-----
From: Amos Jeffries <squ...@treenet.co.nz>
To: Ritter, Nicholas <nicholas.rit...@americantv.com>
Cc: vivek...@aol.in; squid-users@squid-cache.org
Sent: Sat, 10 Jan 2009 8:06 am
0ASubject: Re: [squid-users] Re: WCCP configuration
Ritter, Nicholas wrote:
With TProxy, I think you need to use Squid3-HEAD to reliably fix
your
issue....Amos would know for sure.
Nick
Yes. Squid-2.* has no support for TPROXY v4.1+
3.1.0.3 or later is needed. Which is at least an RC beta now, more
stable that pure 3.HEAD alpha code.
Also the squid.conf and configure details have changed.
http://wiki.squid-cache.org/Features/Tproxy4
Amos
________________________________
From: vivek...@aol.in [mailto:vivek...@aol.in]
Sent: Fri 1/9/2009 8:39 A
M
To: hen...@henriknordstrom.net
Cc: squid-users@squid-cache.org; squ...@treenet.co.nz
Subject: [squid-users] Re: WCCP configuration
Hi,
Thanks for the reply. It did help us solve the problem.
But there is a new issue.
We have configured as squid+tproxy. The squid ip is not displayed
and
only the client ip is displayed when we do the proxy test. But
after
configuring wccp we find that the server ip is displayed in the
proxy
test instead of the client ip.
We also find that the http request is pathetically slow.
squid.conf
=0
A
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
http_port 3128 transparent tproxy
iptable:
/usr/local/sbin/iptables -t tproxy -A PREROUTING -i wccp -p tcp -m
tcp
--dport 80 -j TPROXY --on-port 3128
We created a gre tunnel based on the router identifier.
wccp2_router xx.xx.xxx.xx (ip of router interface connected to
squid
machine)
The following command is assigned at the router interface connected
=0
Ato
the lan.
ip wccp 80 redirect in
ip wccp 90 redirect out
Following command at the router interface connected to squid.
ip wccp redirect exclude in
Router : Cisco IOS Software, 2800 Software
(C2800NM-ADVIPSERVICESK9-M),
Version 12.4(13b)
Kernel : linux-2.6.20.21
IPtable : iptables-1.3.8
Os Ver : squid-2.7 Stable 5
#lsmod
ip_gre 19616 0
iptable_filter 11136 0
ipt_TPROXY 11136 1
ipt_REDIRECT 10624
0
xt_tcpudp 11904 1
reiserfs 235144 5
iptable_tproxy 23036 2 ipt_TPROXY
iptable_nat 15492 1 iptable_tproxy
ip_nat 24620 3
ipt_REDIRECT,iptable_tproxy,iptable_nat
ip_tables 25448 3
iptable_filter,iptable_tproxy,iptable_nat
x_tables 23560 5
ipt_TPROXY,ipt_REDIRECT,xt_tcpudp,iptable_nat,ip_tables
ip_conntrack 53400 3 iptable_tproxy,iptable_nat,ip_nat
The internet works, b
ut the browsing is dead slow. Temporarily we have
bypassed squid to browse the net.
Thanks
VK
-----Original Message-----
From: Henrik Nordstrom <hen...@henriknordstrom.net>
To: vivek...@aol.in
Cc: squ...@treenet.co.nz; squid-users@squid-cache.org
Sent: Thu, 8 Jan 2009 12:05 am
Subject: Re: WCCP configuration
ons 2009-01-07 klockan 08:46 -0500 skrev vivek...@aol.in:
wccp2_router xxx.xx.xxx.xxx
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service dynamic 8
0
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240
ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
Router Eth0 - connected to lan. Eth1 - connecte to squid.
Have you also configured
* A loopback address on the router, giving it a easily identified
router
ID
* the required GRE/WCCP tunnel interface on the Squid server
* disabled rp_filter on the above GRE/WCCP interface.
* And adjusted the REDIRECT/NAT rules to act on traffic=2
0received on the
GRE/WCCP interface configured above?
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 11336
Process: 0
Fast: 0
CEF: 11336
Looks fine.
=0
A
Is there any simple way of configuring WCCP. We have beating round
the
bush all day long to configure wccp.
WCCP as such is configured. But something is missing in the
interception
at the proxy. Most likely the GRE interface mentioned above.
Regards
Henrik
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
<http://webmail.aol.in/>
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
Current Beta Squid 3.1.0.3
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
Current Beta Squid 3.1.0.3
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
Current Beta Squid 3.1.0.3
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
