If my assumptions is right then this docs should provide the needed info for me to review the wccp settings: http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/wccp.html
If not can you try to find the corresponding IOS wccp docs for me? I would be happy to read the docs and try to understand the issue in hands to make sure what IOS and what cli commands are a match for the problem. Thanks, Eliezer On 09/24/2013 09:32 AM, Jordan Dalley wrote: > Hi Eliezer, > > I must admit I skimmed through that as it appeared different to anything else > I'd seen elsewhere. > > IOS version is 15.0(1)M10 > > Cheers, > J. > > -----Original Message----- > From: Eliezer Croitoru [mailto:[email protected]] > Sent: Tuesday, 24 September 2013 3:30 PM > To: [email protected] > Subject: Re: [squid-users] RE: WCCP issues with Centos 6.3 and Cisco 2901 > > Before saying this or that, did you had the chance of looking at: > http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2 > ?? > What version of IOS the 2901 has on it? > > Eliezer > > On 09/24/2013 02:31 AM, Jordan Dalley wrote: >> Thanks for your reply Bob, >> >> I tried what you said - completely removed any ifcfg-gre0 config and simply >> ran the commands: >> >> ifconfig gre0 inet 1.1.1.1 netmask 255.255.255.0 up iptables -F -t nat >> iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT >> --to-destination 10.112.4.4:3127 >> >> On the router side (I had to modify your acl's a bit) >> >> ip access-list standard wccp-servers >> permit host 10.112.4.4 >> ip access-list extended wccp-traffic >> permit tcp 10.114.32.0 0.0.7.255 any eq www >> >> ip wccp web-cache redirect-list wccp-traffic group-list wccp-servers >> >> Upon inspection, I can see the router forwarding packets through the gre >> tunnel: >> >> [root@tsv-squid1 ~]# tcpdump -i gre0 >> tcpdump: verbose output suppressed, use -v or -vv for full protocol >> decode listening on gre0, link-type LINUX_SLL (Linux cooked), capture >> size 65535 bytes >> 20:40:04.370754 IP 10.114.32.51.62007 > 190.93.248.164.http: Flags >> [S], seq 2779756886, win 8192, options [mss 1460,nop,wscale >> 2,nop,nop,sackOK], length 0 >> 20:40:04.370861 IP 10.114.32.51.62008 > 190.93.248.164.http: Flags >> [S], seq 1665803222, win 8192, options [mss 1460,nop,wscale >> 2,nop,nop,sackOK], length 0 >> 20:40:07.381696 IP 10.114.32.51.62007 > 190.93.248.164.http: Flags >> [S], seq 2779756886, win 8192, options [mss 1460,nop,wscale >> 2,nop,nop,sackOK], length 0 >> 20:40:07.381779 IP 10.114.32.51.62008 > 190.93.248.164.http: Flags >> [S], seq 1665803222, win 8192, options [mss 1460,nop,wscale >> 2,nop,nop,sackOK], length 0 >> 20:40:13.387792 IP 10.114.32.51.62007 > 190.93.248.164.http: Flags >> [S], seq 2779756886, win 8192, options [mss 1460,nop,nop,sackOK], >> length 0 >> 20:40:13.387812 IP 10.114.32.51.62008 > 190.93.248.164.http: Flags >> [S], seq 1665803222, win 8192, options [mss 1460,nop,nop,sackOK], >> length 0 >> >> Here's the weird thing.. >> >> [root@tsv-squid1 ~]# ifconfig gre0 >> gre0 Link encap:UNSPEC HWaddr >> 00-00-00-00-00-00-82-12-00-00-00-00-00-00-00-00 >> inet addr:1.1.1.1 Mask:255.255.255.0 >> UP RUNNING NOARP MTU:1476 Metric:1 >> RX packets:143 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:0 >> RX bytes:7136 (6.9 KiB) TX bytes:0 (0.0 b) >> >> Note my GRE tunnel is not transmitting, only receiving. >> >> I can confirm, ip forwarding is enabled. >> >> [root@tsv-squid1 ~]# cat /proc/sys/net/ipv4/ip_forward >> 1 >> [root@tsv-squid1 ~]# >> >> Cheers, >> J. >> >> -----Original Message----- >> From: Luderitz Bob [mailto:[email protected]] >> Sent: Tuesday, 24 September 2013 1:38 AM >> To: [email protected] >> Subject: [squid-users] RE: WCCP issues with Centos 6.3 and Cisco 2901 >> >> Hey Jordan, I am running a similar config with wccp and CentOS 6.3 with >> Cisco routers. >> >> Your config looks close to what I have but I use the built-in gre0 >> tunnel so don't have the interface explicitly setup just have it in rc.local >> like this: >> ifconfig gre0 inet 1.2.3.4 netmask 255.255.255.0 up >> echo 1 > /proc/sys/net/ipv4/ip_forward >> (same iptables statement as you have) >> iptables -F -t nat >> iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j >> DNAT --to-destination 10.80.166.227:3127 >> >> From the router - I did not set the config up but have to documentation >> and have these additional statements defined to force http traffic to the >> squid - 166.227) >> access-list wccp-servers extended permit ip host 10.80.166.227 any >> access-list wccp-traffic extended permit tcp object-group >> DM_INLINE_NETWORK_7 any eq www >> wccp web-cache redirect-list wccp-traffic group-list wccp-servers >> >> hope this helps.... >> >> -----Original Message----- >> From: Jordan Dalley [mailto:[email protected]] >> Sent: Monday, September 23, 2013 6:17 AM >> To: >> Subject: [squid-users] WCCP issues with Centos 6.3 and Cisco 2901 >> >> Hi Squid community, >> >> I have an issue whereby I am just struggling to find out why it wont work. >> >> I have trawled through multiple forums, howto's, faq's etc but no matter >> what I do, I cannot get it to work properly. >> >> Here is what I have done so far: >> >> Router IP: 10.114.3.34 >> Squid IP: 10.112.4.4 >> WAN Subnet: 10.112.0.0 / 255.252.0.0 >> >> Squid Config: >> >> http_port 3127 intercept >> wccp2_router 10.114.3.34 >> wccp2_forwarding_method gre >> wccp2_return_method gre >> wccp2_service standard 0 >> >> Confirm I can access and use port 3127 directly without issue from any >> location in the WAN. >> >> Router Config: >> >> ip wccp web-cache >> interface G0/1 >> !Inside interface >> ip wccp web-cache redirect in >> >> Added to sysctl.conf: >> >> # Controls IP packet forwarding >> net.ipv4.ip_forward = 1 >> >> # Controls source route verification >> net.ipv4.conf.default.rp_filter = 0 >> net.ipv4.conf.eth0.rp_filter = 0 >> net.ipv4.conf.eth0.ip_filter = 0 >> net.ipv4.conf.gre0.rp_filter = 0 >> net.ipv4.conf.gre0.ip_filter = 0 >> >> Added to /etc/sysconfig/network-scripts/ifcfg-gre0 >> >> DEVICE=gre0 >> BOOTPROTO=static >> IPADDR=127.0.0.2 >> NETMASK=255.255.255.0 >> ONBOOT=YES >> IPV6INIT=NO >> >> Linux Configuration: >> >> modprobe ip_gre >> ifup gre0 >> iptables -t nat -F >> iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT >> --to-destination 10.112.4.4:3127 >> >> If, I then do a tcpdump -i gre0 I can see packets flowing through this >> interface with destination port 80. Unfortunately it seems as if they are >> somehow not being natted to the squid server. >> >> I've tried different varying methods of doing this, but none of them seem to >> work. >> >> Does anyone have any ideas? >> >> Regards, >> Jordan. >> >> ______________________________________________________ >> >> NIPRO GLASS >> ______________________________________________________ >> >> CAUTION - This message may contain privileged and confidential information >> intended only for the use of the addressee named above. If you are not the >> intended recipient of this message you are hereby notified that any use, >> dissemination, distribution or reproduction of this message is prohibited. >> If you have received this message in error please notify NIPRO GLASS >> immediately. Any views expressed in this message are those of the individual >> sender and may not necessarily reflect the views of NIPRO GLASS. >> >> > > >
