On Tue, 19 Apr 2011 11:35:18 -0700 (PDT), Daniel Shelton wrote:
> Hello anyone,
>
> I am trying to get squid 3.1 to work with Centos 5.5 and Cisco ASA
> using WCCP.
>
> The ASA has the cache session established. I see traffic on the
> Centos box on eth0 (gre traffic) and I see traffic on the gre1
> interface (raw client traffic).
>
> Take a look at the following:
>
> [root_at_squidbox ~]#iptables -t nat -L -v
>
> bytes target prot opt in out source
> destination
> 741 41532 DNAT tcp -- gre1 any anywhere
> anywhere tcp dpt:http to:0.0.0.0:3129

One thing that always troubles me. The failure reports always seem to
mention an interface. Yet the wiki examples written by people with
working configs do not mention one.

Your rule appears to be matching packets, so I assume it's okay. Just
something to be aware of.

With GRE you have to be extremely careful where the OS thinks the
packet is coming from. It seems to vary between kernel implementations
and versions whether the gre or eth NIC is the one seen during NAT.

>
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 20 1952 MASQUERADE all -- any any anywhere
> anywhere
>
> Chain OUTPUT (policy ACCEPT 20 packets, 1952 bytes)
> pkts bytes target prot opt in out source
> destination
>
>
> [root_at_squidbox ~]# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:13:72:FA:45:EB
> inet addr:172.23.1.2 Bcast:172.23.1.255
> Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:14361 errors:0 dropped:0 overruns:0 frame:0
> TX packets:675 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1467426 (1.3 MiB) TX bytes:95311 (93.0 KiB)
> Interrupt:169 Memory:f8000000-f8012800
>
> gre1 Link encap:UNSPEC HWaddr
> AC-17-01-02-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:1.2.3.4 P-t-P:1.2.3.4 Mask:0.0.0.0
> UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
> RX packets:5884 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:326353 (318.7 KiB) TX bytes:0 (0.0 b)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:1701 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1701 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:2704276 (2.5 MiB) TX bytes:2704276 (2.5 MiB)
>
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/ip_forward
> 1
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter
> 0
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/eth0/rp_filter
> 0
> [root_at_squidbox ~]# cat /proc/sys/net/ipv4/conf/gre1/rp_filter
> 0
>
>
> The problem I have is that the Squid Proxy does not ever seem to
> receive the traffic forwarded to it by iptables. The proxy is
> listening on 0.0.0.0:3129, but a debug results in "Engine is idle".

What is the exact message displayed by Squid about that port during
startup or reconfigure?

Amos

Received on Wed Apr 20 2011 - 01:08:39 MDT
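
Added example, not part of the original thread and not code from the Squid project: one way to check which input interface the port-3129 NAT rules are actually counting packets on, given the remark above that the gre or eth NIC may be the one seen during NAT. The function names and the eth0 sample line are assumptions made for illustration; the gre1 line reuses the counters quoted in the message.

```shell
#!/bin/sh
# Summarise which input interface the NAT rules for the Squid intercept port match on.

# Constructed sample in the layout of `iptables -t nat -L PREROUTING -v`.
# The gre1 counters mirror the listing quoted in the thread; the eth0 rule
# and the chain policy counters are invented for this example.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5143 packets, 284821 bytes)
 pkts bytes target     prot opt in     out     source               destination
  741 41532 DNAT       tcp  --  gre1   any     anywhere             anywhere            tcp dpt:http to:0.0.0.0:3129
    0     0 DNAT       tcp  --  eth0   any     anywhere             anywhere            tcp dpt:http to:0.0.0.0:3129
EOF
}

# Read a verbose iptables listing on stdin and print "<in-interface> <pkts>"
# for every DNAT or REDIRECT rule that sends traffic to the given port.
nat_hits_by_iface() {
    port="$1"
    awk -v port="$port" '
        ($3 == "DNAT" || $3 == "REDIRECT") &&
        ($0 ~ (":" port "[ \t]*$") || $0 ~ ("redir ports " port "[ \t]*$")) {
            print $6, $1
        }'
}

# Name the interface whose rule has counted the most packets,
# or "none" when no rule for that port has matched anything.
busiest_iface() {
    nat_hits_by_iface "$1" | awk '
        $2 > max { max = $2; iface = $1 }
        END { print (max > 0 ? iface : "none") }'
}

# Stand-alone run over the constructed sample.
sample_nat_listing | nat_hits_by_iface 3129
echo "busiest: $(sample_nat_listing | busiest_iface 3129)"
```

On a live box, feed it `iptables -t nat -L PREROUTING -v -x` instead of the sample; `-x` keeps the packet counters as exact numbers so they compare correctly.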