Re: [squid-users] wccp and squid not working

a-o-a

have you you patched your freebsd kernel..???

--- Scott Pepple <pepple@keelantech.com> wrote:
> hello all,
>
> i'm trying to test out a squid/wccp configuration
> with a cisco 2600 (two
> ethernet interfaces) using wccp
>
> i've got a local network, 10.0.1.0 which is being
> nat'd to the outside
> world as 192.168.1.127 (ip addresses may be changed
> to protect the
> innocent)
>
> i enable wccp on the outside facing interface
> (192.168.1.127) with ip wccp
> web-cache redirect out
>
> on the inside network i've got a squid cache on a
> freebsd box (4.4) with
> the box doing the right ipfw stuff (and forwarding
> enabled in the kernel)
>
> > sudo ipfw show
> 00100 3246 189064 allow tcp from 10.0.1.24 to any
> out
> 00200 0 0 allow tcp from any 80 to any out
> 00300 1926 92448 fwd 127.0.0.1,8080 tcp from any to
> any 80 in
> 00400 288 249041 allow tcp from any 80 to 10.0.1.24
> in
> 00500 7159 564094 allow ip from any to any
> 65535 14 5584 deny ip from any to any
>
> (the deny shows matches in there just because i
> didn't clear the
> counters)
>
> i've got the squid.conf settings straight from the
> faq -
>
> wccp_router 10.0.1.254
> wccp_version 4
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> a browser on a box on the inside network just spins
> and then dies
>
> tcpdump output freaks me out, it show's the router
> (10.0.1.254) routing
> what i assume are http requests over gre to the
> squid-box (10.0.1.20)...i
> don't get why there's no traffic out from the squid
> box except to
> eventually say icmp: time exceeded to the
> originating requestor.
>
>
> *********************
> 5:58:16.570492 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.570516 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.571442 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.571466 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.572453 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.572476 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.573402 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.573426 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.574413 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.574436 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.575362 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.575385 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.576372 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.576396 10.0.1.20.1812 >
> 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss
> 1332,nop,nop,sackOK> (DF)
> 15:58:16.577323 10.0.1.254 > massive.truenorth.com:
> gre-proto-0x883E (gre
> encap)15:58:16.577367
> ********
> this goes on for a long time
> ********
> massive.truenorth.com > 10.0.1.20: icmp: time
> exceeded in-transit (DF)
>
> ********************
>
> i configured squid with --enable-wccp and
> --enable-ipf-transparent
>
>
> and i'm just wondering if i can do this with just
> two interfaces on the
> router, it seems to me that there's a loop somewhere
>
> thanks
> scott
>
>

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )

>>>Happy is the who can smile<<<

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
Received on Sun Apr 28 2002 - 04:06:06 MDT