On Tue, 19 Apr 2011 11:35:18 -0700 (PDT), Daniel Shelton wrote:
> Hello anyone,
>
> I am trying to get squid 3.1 to work with Centos 5.5 and Cisco ASA
> using WCCP.
>
> The ASA has the cache session established.  I see traffic on the
> Centos box on eth0 (gre traffic) and I see traffic on the gre1
> interface (raw client traffic).
>
> Take a look at the following:
>
> [root_at_squidbox ~]#iptables -t nat -L -v
>
> bytes target     prot opt in     out     source
> destination
>   741 41532 DNAT       tcp  --  gre1   any     anywhere
> anywhere            tcp dpt:http to:0.0.0.0:3129
 One thing that always troubles me. The failure reports always seem to 
 mention an interface. Yet the wiki examples written by people with 
 working configs do not mention one.

 Your rule appears to be matching packets, so I assume it's okay. Just 
 something to be aware of.

 With GRE you have to be extremely careful where the OS thinks the 
 packet is coming from. It seems to vary between kernel implementations 
 and versions whether the gre or eth NIC is the one seen during NAT.
>
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target     prot opt in     out     source
> destination
>    20  1952 MASQUERADE  all  --  any    any     anywhere
> anywhere
>
> Chain OUTPUT (policy ACCEPT 20 packets, 1952 bytes)
> pkts bytes target     prot opt in     out     source
> destination
>
>
> [root_at_squidbox ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:13:72:FA:45:EB
>           inet addr:172.23.1.2  Bcast:172.23.1.255  
> Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:14361 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:675 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1467426 (1.3 MiB)  TX bytes:95311 (93.0 KiB)
>           Interrupt:169 Memory:f8000000-f8012800
>
> gre1      Link encap:UNSPEC  HWaddr
> AC-17-01-02-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:1.2.3.4  P-t-P:1.2.3.4  Mask:0.0.0.0
>           UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
>           RX packets:5884 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:326353 (318.7 KiB)  TX bytes:0 (0.0 b)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:1701 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1701 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:2704276 (2.5 MiB)  TX bytes:2704276 (2.5 MiB)
>
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/ip_forward
> 1
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter
> 0
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/eth0/rp_filter
> 0
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/gre1/rp_filter
> 0
>
>
> The problem I have is that the Squid Proxy does not ever seem to
> receive the traffic forwarded to it by iptables.  The proxy is
> listening on 0.0.0.0:3129, but a debug results in "Engine is idle".
 What is the exact message displayed by Squid about that port during 
 startup or reconfigure?
 Amos
Received on Wed Apr 20 2011 - 01:08:39 MDT
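
An added example, not part of the original thread or of Squid's documentation: a small shell helper that reads `iptables -t nat -L -v` output and reports, for each interception rule pointing at the Squid port, which inbound interface it is pinned to and whether its packet counter shows it matching, which is the gre-versus-eth question raised in the reply. The function names and the second (eth0) rule in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): which interface does the NAT rule
# for the proxy port actually match on?

# nat_rule_report PORT
# Reads `iptables -t nat -L -v` (with or without -n) on stdin and prints one
# line per DNAT/REDIRECT rule whose rewrite target ends in PORT:
#   <chain> <target> in=<iface> pkts=<counter> <MATCHING|IDLE>
nat_rule_report() {
    awk -v port="$1" '
        # Remember which chain the following rule lines belong to.
        $1 == "Chain" { chain = $2; next }
        # Rule columns: pkts bytes target prot opt in out source destination ...
        # Match "to:<addr>:PORT" (DNAT) or "redir ports PORT" (REDIRECT).
        ($3 == "DNAT" || $3 == "REDIRECT") &&
        $0 ~ ("(:|ports )" port "[ \t]*$") {
            # A counter of exactly 0 means no packet has hit this rule yet;
            # iptables may abbreviate large counters (e.g. 12K), still non-zero.
            state = ($1 == "0") ? "IDLE" : "MATCHING"
            printf "%s %s in=%s pkts=%s %s\n", chain, $3, $6, $1, state
        }'
}

# Constructed sample listing: the gre1 rule mirrors the one quoted in the
# thread; the eth0 rule is hypothetical, added to show an idle rule.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  741 41532 DNAT       tcp  --  gre1   any     anywhere             anywhere            tcp dpt:http to:0.0.0.0:3129
    0     0 DNAT       tcp  --  eth0   any     anywhere             anywhere            tcp dpt:http to:0.0.0.0:3129

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   20  1952 MASQUERADE  all  --  any    any     anywhere             anywhere
EOF
}

# Offline demonstration; on a live box pipe the real listing in instead:
#   iptables -t nat -L -v | nat_rule_report 3129
sample_listing | nat_rule_report 3129
```

A rule reported as MATCHING only shows that NAT rewrote the packet on that interface; whether Squid then accepts it on the port is a separate check.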