Re: [squid-users] transparent proxy not working!! any advice?

From: Roland Roland <R_O_L_A_N_D_at_hotmail.com>
Date: Mon, 5 Jan 2009 00:17:11 +0200

Hello,
the output of the debugging is as such:

*Jan 4 23:16:43.205: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183: service not active
*Jan 4 23:16:43.205: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183: service not active

what service is that?!

--------------------------------------------------
From: "Regardt van de Vyver" <squid_at_vdvyver.net>
Sent: Sunday, January 04, 2009 9:33 PM
Cc: <squid-users_at_squid-cache.org>
Subject: Re: [squid-users] transparent proxy not working!! any advice?

> Roland Roland wrote:
>> I've just created a new box with the following options:
>> but WCCP with the router is still not working!
>> Any advice?
>>
>>
>> using centos 5.2
>> and squid 2.6
>> firewall enabled
>> SElinux permissive
>> -------------------------------------------------------
>> done the following:
>>
>> yum update yum
>>
>> yum install squid
>>
>> squid -z
>> -------------------------------------------------------
>> gedit /etc/rc.d/init.d/rc.local
>>
>> #added:
>> modprobe ip_gre
>> ifconfig gre0 192.168.0.183 netmask 255.255.255.0 up
>> #this is the same ip as my eth0
>>
>> ----------------------------------------------------
>> gedit /etc/sysconfig/iptables
>>
>> #added:
>> -A INPUT -i gre0 -j ACCEPT
>> -A INPUT -i gre0 -j ACCEPT
>> -A INPUT -p gre -j ACCEPT
>> #my router's LAN interface 192.168.0.1
>> -A RH-Firewall-1-INPUT -s 192.168.0.1/24 -p udp -m udp --dport 2048 -j ACCEPT
>> -------------------------------------------------------
>> service iptables condrestart
>> --------------------------------------------------------
>> gedit /etc/squid/squid.conf
>>
>> #edited/added the following:
>> http_port 80 transparent
>> http_access allow all
>> wccp2_router 192.168.0.1
>> wccp_version 4
>> wccp2_rebuild_wait on
>> wccp2_forwarding_method 1
>> wccp2_return_method 1
>> wccp2_assignment_method 1
>> wccp2_service dynamic 80
>> wccp2_service dynamic 90
>> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
>> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>> ----------------------------------------------------------
>> Cisco router 2811 side:
>>
>> conf t
>> ip wccp version 2
>> ip wccp web-cache
>>
>> int f0/1 (Lan interface)
>> ip wccp 80 redirect in
>> ip wccp 90 redirect out
>> ----------------------------------------------------------
>> service squid restart
>>
>> then sh ip wccp on router gave me all hits as 0 no hits from squid to
>> router!!
>> ----------------------------------------------------------
>>
>> service iptables status
>>
>> [root_at_localhost ~]# service iptables status
>> Table: filter
>> Chain INPUT (policy ACCEPT)
>> num target prot opt source destination
>> 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>> 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> 4 ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain FORWARD (policy ACCEPT)
>> num target prot opt source destination
>> 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain OUTPUT (policy ACCEPT)
>> num target prot opt source destination
>>
>> Chain RH-Firewall-1-INPUT (2 references)
>> num target prot opt source destination
>> 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
>> 3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
>> 4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
>> 5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
>> 6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
>> 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
>> 8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
>> 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
>> 10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
>> 11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5900
>> 12 ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp dpt:2048
>> 13 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>>
>>
>> ---------------------------------------------------------------------------
>>
>>
>> lsmod:
>>
>> Module Size Used by
>> ip_conntrack_netbios_ns 6977 0
>> xt_state 6209 4
>> ip_conntrack 53025 2 ip_conntrack_netbios_ns,xt_state
>> nfnetlink 10713 1 ip_conntrack
>> iptable_filter 7105 1
>> ip_tables 17029 1 iptable_filter
>> ip6table_filter 6849 1
>> ip6_tables 18053 1 ip6table_filter
>> nls_utf8 6208 1
>> ip_gre 16737 0
>> autofs4 24517 2
>> hidp 23105 2
>> rfcomm 42457 0
>> l2cap 29505 10 hidp,rfcomm
>> bluetooth 53797 5 hidp,rfcomm,l2cap
>> sunrpc 144893 1
>> ipt_REJECT 9537 1
>> ip6t_REJECT 9409 1
>> xt_tcpudp 7105 15
>> x_tables 17349 6 xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
>> dm_multipath 22089 0
>> video 21193 0
>> sbs 18533 0
>> backlight 10049 1 video
>> i2c_ec 9025 1 sbs
>> button 10705 0
>> battery 13637 0
>> asus_acpi 19289 0
>> ac 9157 0
>> ipv6 258273 17 ip6t_REJECT
>> xfrm_nalgo 13765 1 ipv6
>> crypto_api 11969 1 xfrm_nalgo
>> lp 15849 0
>> floppy 57125 0
>> i2c_piix4 12237 0
>> pcnet32 35141 0
>> pcspkr 7105 0
>> i2c_core 23745 2 i2c_ec,i2c_piix4
>> mii 9409 1 pcnet32
>> ide_cd 40033 1
>> cdrom 36705 1 ide_cd
>> parport_pc 29157 1
>> serio_raw 10693 0
>> parport 37513 2 lp,parport_pc
>> dm_snapshot 21477 0
>> dm_zero 6209 0
>> dm_mirror 29125 0
>> dm_mod 61405 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
>> ata_piix 22341 0
>> libata 143997 1 ata_piix
>> sd_mod 24897 0
>> scsi_mod 134605 2 libata,sd_mod
>> ext3 123593 2
>> jbd 56553 1 ext3
>> uhci_hcd 25421 0
>> ohci_hcd 23261 0
>> ehci_hcd 33357 0
>>
>> ------------------------------------------------------------------------
>>
>> ifconfig:
>>
>> [root_at_localhost ~]# ifconfig
>> eth0 Link encap:Ethernet HWaddr 00:0C:29:F8:D0:AF
>> inet addr:192.168.0.183 Bcast:192.168.0.255 Mask:255.255.255.0
>> inet6 addr: fe80::20c:29ff:fef8:d0af/64 Scope:Link
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:29956 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:11948 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:3673892 (3.5 MiB) TX bytes:7234153 (6.8 MiB)
>> Interrupt:169 Base address:0x2000
>>
>> gre0 Link encap:UNSPEC HWaddr 00-00-00-00-B2-BF-68-33-00-00-00-00-00-00-00-00
>> inet addr:192.168.0.183 Mask:255.255.255.0
>> UP RUNNING NOARP MTU:1476 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>>
>> lo Link encap:Local Loopback
>> inet addr:127.0.0.1 Mask:255.0.0.0
>> inet6 addr: ::1/128 Scope:Host
>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>> RX packets:2926 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:2926 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:3257748 (3.1 MiB) TX bytes:3257748 (3.1 MiB)
>>
>> -------------------------------------------------------------------------------
>>
>>
> Hi Roland,
>
> Have you had a look at the WCCP debugging messages on the Cisco?
> eg. on the cisco
> debug ip wccp events
> debug ip wccp packets
> terminal monitor
>
> That should give you some indication of wccp activity, also what does "sh
> ip wccp web-cache detail" show?
>
> Regardt
>
>
Received on Sun Jan 04 2009 - 22:17:23 MST
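
A cross-check of the two configurations quoted in this thread against the router's debug output, added here as an example; it is not part of the original messages. It assumes that IOS only accepts Here_I_Am for a dynamic service group that has been enabled globally with `ip wccp <id>`; the function names are hypothetical and the sample input is constructed from the quoted text.

```python
import re

# Constructed sample input: directives copied from the configs and debug output quoted above.
SQUID_CONF = "wccp2_router 192.168.0.1\nwccp2_service dynamic 80\nwccp2_service dynamic 90\n"
IOS_CONF = """\
ip wccp version 2
ip wccp web-cache
int f0/1
 ip wccp 80 redirect in
 ip wccp 90 redirect out
"""
DEBUG_LOG = """\
*Jan 4 23:16:43.205: WCCP-EVNT:D90: Here_I_Am packet from 192.168.0.183: service not active
*Jan 4 23:16:43.205: WCCP-EVNT:D80: Here_I_Am packet from 192.168.0.183: service not active
"""

def squid_services(conf):
    """Groups Squid announces: 'standard 0' is web-cache, 'dynamic N' is group N."""
    pairs = re.findall(r"^\s*wccp2_service\s+(standard|dynamic)\s+(\d+)", conf, re.M)
    return {"web-cache" if kind == "standard" else num for kind, num in pairs}

def router_services(conf):
    """Return (globally enabled groups, groups only referenced by an interface redirect)."""
    enabled, redirected = set(), set()
    for line in conf.splitlines():
        m = re.match(r"\s*ip wccp (web-cache|\d+)(?:\s+(.*))?$", line)
        if m:
            target = redirected if (m.group(2) or "").startswith("redirect") else enabled
            target.add(m.group(1))
    return enabled, redirected

def rejected_services(log):
    """Dynamic service IDs the router refused, read from the 'D<id>' tag in the debug line."""
    return set(re.findall(r"WCCP-EVNT:D(\d+): Here_I_Am packet from \S+ service not active", log))

def audit(squid_conf, ios_conf, log=""):
    """Compare what the cache announces with what the router has enabled (assumption above)."""
    announced = squid_services(squid_conf)
    enabled, redirected = router_services(ios_conf)
    return {
        "announced_not_enabled": sorted(announced - enabled),
        "redirected_not_enabled": sorted(redirected - enabled),
        "enabled_not_announced": sorted(enabled - announced),
        "rejected_in_debug": sorted(rejected_services(log)),
    }

if __name__ == "__main__":
    print(audit(SQUID_CONF, IOS_CONF, DEBUG_LOG))
```

Groups listed under `announced_not_enabled` that also appear under `rejected_in_debug` are the ones to compare against the router's global `ip wccp` lines.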
