I actually have it working (GRE tunnel on FreeBSD 4.8-STABLE) using ipfw and not IPFilter. I'd like to know why the configuration doesn't work with IPFilter.

-----Original Message-----
From: Raphael Maseko [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 5:39 PM
To: [EMAIL PROTECTED]

I attempted that a month ago and I had a lot of errors (I can't remember what they were now). I would appreciate pointers for me to try it again.

Thanks.
Ralph

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 16, 2003 11:31 AM
Subject: RE: [squid-users] IPFilter + FreeBSD + WCCP

> Hi Raphael,
>
> I have a couple of Squid servers running on FreeBSD 4.7-RELEASE with GRE
> support.
>
> -----Original Message-----
> From: Raphael Maseko [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 5:31 PM
> To: [EMAIL PROTECTED]
>
> Hi,
> I got it working on FreeBSD 4.6.2 with the help of the instructions on:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/47813 and
> http://www.geocrawler.com/archives/3/165/2002/10/0/10004885/
>
> Try this:
>
> 1. download the gre.c and the wccp patch and apply them according to the FAQ
>    on http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
> 2. Rebuild the Kernel with "options GRE"
> 3. Configure SQUID with --enable-ipf-transparent option
> 4. Edit the /etc/rc.conf to enable ipnat:
>    ipnat_enable="YES"
>    ipnat_program="/sbin/ipnat"
>    ipnat_rules="/etc/ipnat.rules"
>    ipnat_flags=""
>
> 5. create /etc/ipnat.rules with:
>    rdr fxp0 0.0.0.0/0 port 80 -> 208.224.179.254 port 3128 tcp
>    (3128 can be changed to your appropriate port)
>
> 6. Enable wccp on your router
>
> 7. run ipnat -l to see redirections
>
> Good luck
> Ralph
>
> NB:
> I did not add the "pseudo-device gre". I must say that I have trouble trying
> to get WCCP working on 5.0
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, June 16, 2003 11:12 AM
> Subject: [squid-users] IPFilter + FreeBSD + WCCP
>
> > Hi all,
> >
> > I'm running Squid 2.5-STABLE2 on a FreeBSD 4.8-STABLE machine compiled with
> > -enable-ipf-transparent (-STABLE doesn't have the IPFilter headers installed
> > in /usr/include/netinet, copied in manually).
> >
> > The kernel is compiled with `pseudo-device gre', followed instructions on
> > squid-cache.org on how to setup a GRE tunnel from the server to the router.
> > The router can see the server but I couldn't see any redirection happening
> > on the server (via `ipnat -l').
> >
> > Here's my /etc/ipnat.rules:
> >
> > rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp
> >
> > Here's the output of `ipnat -l':
> >
> > List of active MAP/Redirect filters:
> > rdr gre0 0.0.0.0/0 port 80 -> 202.91.166.3 port 8080 tcp
> >
> > List of active sessions:
> >
> > (I also tried using `sis0' instead of `gre0' as the source interface but I
> > still got the same result)
> >
> > Here's the output of `ifconfig -a':
> >
> > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         inet 202.91.166.3 netmask 0xffffffe0 broadcast 202.91.166.31
> >         ether 00:e0:18:ec:cb:37
> >         media: Ethernet autoselect (100baseTX <full-duplex>)
> >         status: active
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >         inet 127.0.0.1 netmask 0xff000000
> > gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
> >         tunnel inet 202.91.166.3 --> 202.91.166.1
> >         inet 202.91.166.3 --> 202.91.166.1 netmask 0xffffffff
> >
> > Squid is running with the following credentials: user: nobody, group:
> > nogroup.
> >
> > crw-rw---- 1 root nogroup 79, 0 Jun 16 17:02 /dev/ipl
> > crw-rw---- 1 root nogroup 79, 1 Jun 16 17:02 /dev/ipnat
> >
> > The kernel was compiled using the following options:
> >
> > options IPFILTER
> > options IPFILTER_LOG
> >
> > Here's my /etc/rc.local:
> >
> > #!/bin/sh
> > #
> > # $Id: rc.local,v 1.7 2003/06/16 07:51:49 root Exp $
> >
> > SQUID_IP="202.91.166.3"
> > ROUTER_IP="202.91.166.1"
> > FW="/sbin/ipfw"
> >
> > ## Create GRE interface and tunnel WCCP packets through it
> > ifconfig gre0 create
> > ifconfig gre0 $SQUID_IP $ROUTER_IP netmask 255.255.255.255 up
> > ifconfig gre0 tunnel $SQUID_IP $ROUTER_IP
> > route delete $ROUTER_IP
> >
> > ---
> > francis a. vidal [bitstop network services] | http://www.bnshosting.net
> > streaming media + web hosting | http://www.bitstop.ph
> > v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph
