[squid-users] RE: Squid sending Destination Unreachable to router WCCP2

Please don't ignore my request. I have already done a lot of Googling. Please spare some time and guide me. I don't know how to ask questions here and posted everything I could. > From: akshayj@live.com > To: squid-users@squid-cache.org > Subject: Squid sending Destination Unreachable to router WCCP2 > Date: Sat, 7 Sep 2013 17:14:57 +0530 > > I am desperately trying to use Squid(3.3.3) with WCCP2 (Cisco2921). Although it's not working right now but I think I am really close. > > Router has 3 interfaces and the config is this: > ! > ip wccp web-cache password 7 01100F175804 > ! > interface GigabitEthernet0/0 > ip address 187.72.34.82 255.255.255.248 > ip nat outside > ip virtual-reassembly in > duplex auto > speed auto > ! > interface GigabitEthernet0/1 > ip address 192.168.1.1 255.255.255.0 > ip nat inside > ip virtual-reassembly in > duplex auto > speed auto > ! > interface GigabitEthernet0/2 > ip address 172.16.1.1 255.255.255.0 > ip wccp web-cache redirect in > ip nat inside > ip virtual-reassembly in > duplex auto > speed auto > ! > ip nat inside source list NATTABLE_HOSTS interface GigabitEthernet0/0 od > ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 > ! > ip access-list standard NATTABLE_HOSTS > permit 192.168.0.0 0.0.255.255 > permit 172.16.0.0 0.0.255.255 > permit 10.0.0.0 0.255.255.255 > > > Squid is compiled with following options: > configure > options: '--prefix=/usr' '--includedir=/usr/include' > '--datadir=/usr/share' '--bindir=/usr/sbin' > '--libexecdir=/usr/lib/squid' '--localstatedir=/var' > '--sysconfdir=/etc/squid3' '--enable-delay-pools' '--enable-ssl-crtd' > '--enable-linux-netfilter' '--enable-eui' '--enable-snmp' > '--enable-gnuregex' '--enable-icmp' '--with-logdir=/var/log/squid/' > '--enable-referer-log' '--enable-cache-digests' '--enable-wccp' > '--enable-wccpv2' '--enable-ssl' --enable-ltdl-convenience > > > Squid.conf: > http_port 192.168.1.2:3129 intercept > http_port 192.168.1.2:3128 > > wccp2_router 192.168.1.1 > wccp2_forwarding_method gre > wccp2_return_method gre > wccp2_service standard 0 password=cisco > > Cache.log is also without any errors. > > On ubuntu 12.04 I have set the following rules (based on http://wiki.squid-cache.org/Features/Wccp2): > modprobe ip_gre > ip tunnel add wccp0 mode gre remote 187.72.34.82 local 192.168.1.2 dev eth0 > ifconfig wccp0 192.168.1.2 netmask 255.255.255.255 up > echo 0>/proc/sys/net/ipv4/conf/wccp0/rp_filter > echo 0>/proc/sys/net/ipv4/conf/eth0/rp_filter > echo 1>/proc/sys/net/ipv4/ip_forward > iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3129 > iptables -t nat -A POSTROUTING -j MASQUERADE > > > With all this setup, client browser keeps on loading and loading and finally says server taking too long to respond etc. > On the squid machine, via wireshark, I can see that a lot of "destination unreachable" messages are sent from squid to router when I visit some website on browser. > From: 192.168.1.2 to 192.168.1.1 [port unreachable] > > When I manually set proxy IP in browser it works(websites open fine).I could also see HereIAm and ISeeYou messages flowing fine. > > Please guide me on where am I missing. Let me know if more details are required.
Received on Sun Sep 08 2013 - 06:29:58 MDT