Re: [squid-users] WCCPv2 GRE with 2.6 on Linux
On Sat, Sep 02, 2006, Stephen Fletcher wrote:
> Hi
>
> I have compiled the Debian Unstable package of Squid 2.6.3 and cannot get WCCPv2 GRE working. I have built with standard configure options so WCCPv2 support should be available.
> I configure my wccp2_router and leave it as other default wccp2 options such that it is using ID 0 and GRE. I see the squid proxy ip has registered itself with my Pix. However when GRE packets are sent to the Squid cache there is no response from Squid. I can't see squid listening on protocol 47, and nothing shows in the squid access.log.

Can you post a squid -v? I've been running squid-2.6 and squid-3 with wccpv2 and it works fine. The thing I initially forgot was --enable-linux-netfilter. It'll run; it just won't work. :)

> Registered with Pix...
>
> WCCP-PKT:S00: Received valid Here_I_Am packet from 172.16.1.7 w/rcv_id 1AA4
> WCCP-PKT:S00: Sending I_See_You packet to 172.16.1.7 w/ rcv_id 1AA5
>
> I also decided to try using the ip_wccp module instead of ip_gre but it wouldn't compile with 2.6.17.8. I would prefer to not pursue this method however.

Have you brought up a 'fake' gre interface just so the kernel will handle incoming GRE? Also, have you turned on ip forwarding and turned off rp_filter?

adrian

RE: [squid-users] WCCPv2 GRE with 2.6 on Linux
My config options

configure options:
    '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin'
    '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid'
    '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid'
    '--enable-async-io' '--with-pthreads' '--enable-storeio=ufs,aufs,diskd,null'
    '--enable-linux-netfilter' '--enable-linux-proxy' '--enable-arp-acl'
    '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp'
    '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests'
    '--enable-underscores' '--enable-referer-log' '--enable-useragent-log'
    '--enable-auth=basic,digest,ntlm' '--enable-carp' '--with-large-files'
    'i386-debian-linux' 'build_alias=i386-debian-linux'
    'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'

-----Original Message-----
From: Adrian Chadd [mailto:[EMAIL PROTECTED]
Sent: Saturday, 2 September 2006 12:46 PM
To: Stephen Fletcher
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] WCCPv2 GRE with 2.6 on Linux

Re: [squid-users] WCCPv2 GRE with 2.6 on Linux
Just to compare:

Squid Cache: Version 3.0.PRE4-CVS (same options for 2.6 work fine.)
configure options: '--prefix=/usr/local/squid' '--enable-storeio=ufs aufs null' '--enable-linux-netfilter'

Config:

    cache_effective_user adrian
    wccp2_service standard 0
    #wccp2_service dynamic 80
    #wccp2_service_info 80 protocol=tcp ports=80 priority=240
    tcp_outgoing_address 203.56.15.78
    wccp2_router 192.168.1.1:2048
    http_port 192.168.1.10:3128 transparent vport=80
    http_port localhost:3128

(I have this server doing wccp on a NATted interface; so it has a non-NATted public IP for external outbound connections..)

Then:

    [EMAIL PROTECTED]:~/work/squid3# cat /root/wccp.sh
    #!/bin/sh
    # Bring up gre0 with a placeholder address so the kernel handles incoming GRE
    ifconfig gre0 inet 1.2.3.4 netmask 255.255.255.0 up
    # Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Turn off reverse-path filtering on every interface involved
    echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
    # Flush the nat table, then send port-80 traffic arriving on gre0 to Squid
    iptables -F -t nat
    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128

eth0 is external, eth1 is internal.

Cisco config is simple - enable wccp2 + web-cache, ip wccp web-cache redirect in on the internal interface.

I've not got a spare PIX/ASA device here to try it against.

Adrian
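
A preflight check for the settings this thread lists (gre0 present, IP forwarding on, rp_filter off, the --enable-linux-netfilter build option, a NAT rule on gre0), as an added example that is not part of the original messages. PROC_ROOT and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the settings wccp.sh applies.
# PROC_ROOT is an assumption of this example; it defaults to the live /proc
# and can point at a copied tree for offline checks.
PROC_ROOT="${PROC_ROOT:-/proc}"

# read_knob REL_PATH: print the sysctl value, or "missing" when the file is
# absent (for conf/gre0 that means the gre0 interface does not exist).
read_knob() {
    f="$PROC_ROOT/sys/net/ipv4/$1"
    if [ -r "$f" ]; then tr -d ' \n' < "$f"; else printf 'missing'; fi
}

# wccp_preflight IFACE...: print one line per setting that differs from the
# script in the thread; return 0 when everything matches, 1 otherwise.
wccp_preflight() {
    rc=0
    v=$(read_knob ip_forward)
    if [ "$v" != "1" ]; then echo "ip_forward=$v (want 1)"; rc=1; fi
    for ifc in "$@"; do
        v=$(read_knob "conf/$ifc/rp_filter")
        if [ "$v" != "0" ]; then echo "rp_filter[$ifc]=$v (want 0)"; rc=1; fi
    done
    return "$rc"
}

# has_netfilter_build TEXT: succeed when the `squid -v` text passed in lists
# --enable-linux-netfilter among the configure options.
has_netfilter_build() {
    case "$1" in
        *--enable-linux-netfilter*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_gre_redirect TEXT: succeed when the nat rules passed in (for example
# the output of `iptables-save -t nat`) send port-80 traffic arriving on
# gre0 to the proxy with DNAT or REDIRECT.
has_gre_redirect() {
    printf '%s\n' "$1" | grep -E -- '-A PREROUTING .*-i gre0 .*--dport 80 .*-j (DNAT|REDIRECT)' >/dev/null
}

# Live use: wccp_preflight default all eth0 lo gre0
```

A "missing" value for gre0 means the interface has not been brought up, which is the first thing asked about in the thread.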