[squid-users] Re: A Happy Deeptish and two veterans rizwan&khiz may open my passage to glory

From: Abhilash. V.M. <vmabhi@dont-contact.us>
Date: Fri, 28 Sep 2001 05:25:16 -0700 (PDT)

Hi,
My problems are solved.the ip_wccp which I had was
buggy. I got a different one and recompiled it.
it works !!!

Thanks a lot to each one of you guys...!

FootNote : my cache engine works absolutely fine even
without the acl. MIRACLE ??!!!! :):):) (I dont know y
it does not create loops...

thanks n Regards
a cheerful Abhilash

--- Deeptish Dey <deeptish@lotus.saha.ernet.in> wrote:
>
> Hi Abhilash,
>
> Let Me clear up few things immediately,
>
> 1. finally I switched over to ip_wccp.o, as with
> ip_gre.o my squid was
> numb. So if u wish u can try with that.
>
> 2. access list is must, I previously did as u r now
> that the list will
> deny traffic from squid to any, smile not the case,
> it means that any
> traffic from squid will not be redirected, thats why
> the deny rule.
> SO u have to put those lines in proper places, deny
> for all cache hosts,
> and permit for other hosts.
>
> 3. ip wccp web-cache redirect out;;; PUT THIS LINE
> IN YOUR wAn INTERFACE
> AND not IN ETHERNET INTERFACE...
>
>
> ----that does it all, with blessings of squid gods
> and goddess, if u wish
> u can get it done with ip_gre, with little more
> effort, not doing the
> mistakes I did ( I still dont know )... do mail
> back...;
>
> TODO:
> PREPARE a cookbook for transparent proxy with wccp
>
>
> Regards
>
> Deeptish
>
>
> On Thu, 27 Sep 2001, Abhilash. V.M. wrote:
>
> :)Hi,
> :)I was closely monitoring the interactions with
> :)Deeptish and khiz, cos I was pissed off with this
> wccp
> :)box.My first problem (The Nimda virus ) is solved
> :)now.Thanks to Khiz and rizwan.
> :)
> :)Now, I will brief the steps I did here with
> supporting
> :)informations.
> :)
> :)First, of all, I'll include the wccp config part
> of my
> :)cisco.
> :)
> :)ip subnet-zero
> :)ip wccp version 1
> :)ip wccp web-cache
> :)no ip domain-lookup
> :)
> :)interface FastEthernet0/0
> :) ip address 202.88.231.4 255.255.255.0
> :) ip wccp web-cache redirect out
> :) no ip directed-broadcast
> :) speed auto
> :) full-duplex
> :)
> :)I have not created any access lists
> :)as diptish had created. Also let me know if its
> reqd.
> :)
> :):)> ip access-list extended cache
> :)> :)> deny tcp host 202.56.207.35 any ------>
> :)202.56.207.35 is my
> :)> cache
> :)> :)> squid
> :)> :)> permit tcp any any eq www
> :)> :)> !
> :)
> :)(Deeptish's access list : I guess the above one
> will
> :)deny all the requests from the squid, to outside
> world
> :)and it wont be able to access the site and cache
> :)it.correct me if I am wrong. which interface was
> :)applied with this accesslist ?).
> :)
> :)Now, in the squid box, I did the following.
> :)
> :)1:echo 1 >/proc/sys/net/ipv4/ip_forward (Enabling
> IP
> :)forwarding. I am not convinced abt its need, as my
> :)squid box has only 1 ethernet card, and ip
> address.I
> :)blindly followed it as I got it from one of the
> FAQs).
> :)
> :)2:modprobe ip_gre
> :)
> :)3:iptunnel add gre1 mode gre remote<cisco's
> ethernet
> :)ip> local<I tried both squid's ip and 127.0.0.2>
> dev
> :)eth0.
> :)
> :)4:ifconfig gre1<local-ip>netmask <A.B.C.D> up
> :)
> :)Now, once I start squid, my cisco detects it, and
> its
> :)#sh ip wccp is captured below.
> :)
> :)Global WCCP information:
> :) Router information:
> :) Router Identifier:
> :)203.208.147.78
> :) Protocol Version: 1.0
> :)
> :) Service Identifier: web-cache
> :) Number of Cache Engines: 1
> :) Number of routers: 1
> :) Total Packets Redirected:
> 2020942
> :) Redirect access-list:
> -none-
> :) Total Packets Denied Redirect: 0
> :) Total Packets Unassigned: 8
> :) Group access-list:
> -none-
> :) Total Messages Denied to Group: 0
> :) Total Authentication failures: 0
> :)
> :)It shows lots of packets are being redirected. But
> my
> :)worry is, where the heck does it all vanish ?
> :)my access.log is 0 bytes long ! and no updates at
> all
> :)!
> :)
> :)This clearly means my cisco is simply forwarding
> the
> :)packets, and its not getting captured by squid.
> :)I have absolutely no problems in browsing the
> sites
> :)(Except that its slow, since there is no cache.)
> :)
> :)Now, I request you experienced people to help me
> out.
> :)I never thought this would be this difficult !
> :)
> :)I will be gr8ful to u if u cud give me a detailed
> step
> :)by step procedure of this stuff.
> :)
> :)another interesting thing is, when I say lsmod, my
> :)ip_wccp module is shown as unused. (its captured
> :)below).
> :)
> :)Module Size Used by
> :)ip_gre 6744 1
> :)ip_wccp 672 0 (unused)
> :)lockd 31176 1 (autoclean).
> :)
> :)Does it mean that the module is not ok ?
> :)
> :)Now, please please help !!(You guys are my last
> resort
> :)! do the magic again !! :):))
> :)
> :)Thanks for ur understanding.
> :)
> :)Regards
> :)Abhilash.V.M.
> :)cochin, India.
> :)
> :)
> :)
> :)
> :)__________________________________________________
> :)Do You Yahoo!?
> :)Listen to your Yahoo! Mail messages from any
> phone.
> :)http://phone.yahoo.com
> :)
>

__________________________________________________
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com
Received on Fri Sep 28 2001 - 06:25:18 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:31 MST