Try this:
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j
DNAT --to-destination
On Sun, Feb 8, 2009 at 1:39 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Ramzi Abdallah wrote:
>>
>> I am trying with no luck to setup squid Version 3.0.STABLE10 (Fedora core 9)
>> with wccp2. The configuration seems to be ok at least this is what the debug
>> logs are showing however squid does not receive any traffic. I tested squid
>> by pointing the browser to its IP and it works fine.
>>
>> GRE tunnel and iptables configuration:
>> --------------------------------------
>> ip tunnel add wccp0 mode gre remote 192.168.114.250 local 192.168.114.15 dev
>> eth0
>> ip addr add 192.168.114.15/32 dev wccp0
>> ip link set wccp0 up
>>
>> iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT
>> --to-port 3128
>>
>>
>> for some reason iptables -L is not showing anything
>
> iptables by default shows "-t filter"
>
> try: iptables -t nat -L
>
>
>>
>> squid configuration:
>> -------------------
>> http_port 192.168.114.15:3128 transparent
>> wccp2_router 192.168.114.250
>> wccp2_forwarding_method 1
>> wccp2_return_method 1
>> wccp2_service standard 0
>>
>>
>> GRE tunnel on the squid server
>> -------------------------------
>> wccp0 Link encap:UNSPEC HWaddr
>> C0-A8-72-0F-62-00-F4-3F-00-00-00-00-00-00-00-00
>> inet addr:192.168.114.15 P-t-P:192.168.114.15
>> Mask:255.255.255.255
>> UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
>> RX packets:898 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:36632 (35.7 KiB) TX bytes:0 (0.0 b)
>>
>> tcpdump output
>> --------------
>> [root_at_mail ~]# tcpdump -i wccp0
>> tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to
>> cooked socket
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on wccp0, link-type LINUX_SLL (Linux cooked), capture size 96
>> bytes
>> 12:55:08.548572 IP 192.168.114.24.58324 > 216.239.59.99.http: S
>> 1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:55:11.528111 IP 192.168.114.24.58324 > 216.239.59.99.http: S
>> 1289957374:1289957374(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:55:17.530878 IP 192.168.114.24.58324 > 216.239.59.99.http: S
>> 1289957374:1289957374(0) win 8192 <mss 1460,nop,nop,sackOK>
>> 12:55:29.537282 IP 192.168.114.24.58325 > 216.239.59.103.http: S
>> 3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:55:32.530428 IP 192.168.114.24.58325 > 216.239.59.103.http: S
>> 3738044508:3738044508(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:55:38.535350 IP 192.168.114.24.58325 > 216.239.59.103.http: S
>> 3738044508:3738044508(0) win 8192 <mss 1460,nop,nop,sackOK>
>> 12:55:50.547796 IP 192.168.114.24.58326 > 216.239.59.104.http: S
>> 1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:55:53.558196 IP 192.168.114.24.58326 > 216.239.59.104.http: S
>> 1946578578:1946578578(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:55:59.580059 IP 192.168.114.24.58326 > 216.239.59.104.http: S
>> 1946578578:1946578578(0) win 8192 <mss 1460,nop,nop,sackOK>
>> 12:56:11.576625 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
>> 2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 12:56:14.587049 IP 192.168.114.24.58334 > gv-in-f147.google.com.http: S
>> 2444367043:2444367043(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>>
>> Cisco Router configuration
>> --------------------------
>> gatekeeper#sh ver
>> Cisco Internetwork Operating System Software
>> IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE
>> SOFTWARE (fc3)
>> Technical Support: http://www.cisco.com/techsupport
>> Copyright (c) 1986-2006 by cisco Systems, Inc.
>> Compiled Wed 15-Mar-06 14:16 by dchih
>> Image text-base: 0x80008098, data-base: 0x81A0888C
>>
>> ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
>> ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE
>> (fc3)
>>
>> gatekeeper uptime is 10 hours, 43 minutes
>> System returned to ROM by reload at 02:43:47 GMT Sun Feb 8 2009
>> System restarted at 02:46:30 GMT Sun Feb 8 2009
>> System image file is "flash:c2600-ik9o3s3-mz.123-18.bin"
>>
>>
>> interface FastEthernet0/0
>> description Office LAN
>> ip address 192.168.114.250 255.255.255.0
>> ip wccp web-cache redirect in
>> ip nat inside
>> ip nbar protocol-discovery
>> ip route-cache flow
>> duplex auto
>> speed auto
>>
>>
>> gatekeeper#sh ip wccp
>> Global WCCP information:
>> Router information:
>> Router Identifier: 192.168.114.250
>> Protocol Version: 2.0
>>
>> Service Identifier: web-cache
>> Number of Cache Engines: 1
>> Number of routers: 1
>> Total Packets Redirected: 30
>> Redirect access-list: -none-
>> Total Packets Denied Redirect: 0
>> Total Packets Unassigned: 0
>> Group access-list: -none-
>> Total Messages Denied to Group: 0
>> Total Authentication failures: 0
>>
>> ----
>> gatekeeper#sh ip wccp web-cache detail
>> WCCP Cache-Engine information:
>> Web Cache ID: 192.168.114.15
>> Protocol Version: 2.0
>> State: Usable
>> Initial Hash Info: 00000000000000000000000000000000
>> 00000000000000000000000000000000
>> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>> Hash Allotment: 256 (100.00%)
>> Packets Redirected: 30
>> Connect Time: 04:21:48
>>
>>
>> Router wccp debug
>>
>> .Feb 7 21:11:09.541: WCCP-PKT:S00: Sending I_See_You packet to
>> 192.168.114.15 w/ rcv_id 00000377
>> .Feb 7 21:11:19.550: WCCP-PKT:S00: Received valid Here_I_Am packet from
>> 192.168.114.15 w/rcv_id 00000377
>> .Feb 7 21:11:19.550: WCCP-PKT:S00: Sending I_See_You packet to
>> 192.168.114.15 w/ rcv_id 00000378
>> .Feb 7 21:11:29.558: WCCP-PKT:S00: Received valid Here_I_Am packet from
>> 192.168.114.15 w/rcv_id 00000378
>> .Feb 7 21:11:29.558: WCCP-PKT:S00: Sending I_See_You packet to
>> 192.168.114.15 w/ rcv_id 00000379
>> .Feb 7 21:11:39.567: WCCP-PKT:S00: Received valid Here_I_Am packet from
>> 192.168.114.15 w/rcv_id 00000379
>
> Does the squid cache.log show anything similar?
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
> Current Beta Squid 3.1.0.5
Received on Sun Feb 08 2009 - 13:18:37 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 08 2009 - 12:00:02 MST