Hi Luu,
If you obscure too much information it becomes difficult to work out what is being sent, by who and to where... The point in constructing a redirect list is that you can test your configuration using one known client and one known server before applying wccp to all http traffic crossing the interface. Perhaps you could set up and document a test using private addresses? What did your redirect list look like? - did the redirect count go up? how do the obscured icmp messages relate to the addresses of client/squid box/next-hop router?
ICMP debug should show icmp messages with the router/switch as source or destination, and is therefore a key wccp troubleshooting tool; administratively prohibited on Cisco routers/switches refers to the blocking of packets by an access list, but without any ip information about your test it is impossible to say whether these messages relate to your problem or not.
-----Original Message-----
From: Luu Trung Duong [mailto:luutd@ctu.edu.vn]
Sent: Fri 21/01/2005 01:43
To: Damian-Grint Philip
Cc: 'squid-users'
Subject: RE: [squid-users] problem with WCCP + SQUID + 6509
I had tried a redirect-list but the problem is the same.
Here some information about debug
debug ip icmp
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxxb
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxx
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxx
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxx
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxx
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxx
1w5d: ICMP: dst (xxx.xxx.xxx.xxx) administratively prohibited unreachable
sent to xxx.xxx.xxx.xxx
debug ip wccp packets
1w5d: WCCP-PKT: Received valid Here_I_Am packet from xxx.xxx.xxx.xxx
w/rcvd_id 00000069
1w5d: WCCP-PKT: Sending I_See_You packet to xxx.xxx.xxx.xxx w/ rcvd_id
0000006A
1w5d: WCCP-PKT: Received valid Here_I_Am packet from xxx.xxx.xxx.xxx
w/rcvd_id 0000006A
1w5d: WCCP-PKT: Sending I_See_You packet to xxx.xxx.xxx.xxx w/ rcvd_id
0000006B
-----Original Message-----
From: Damian-Grint Philip [mailto:pdamian-grint@collierscre.co.uk]
Sent: Thursday, January 20, 2005 10:04 PM
To: squid-users
Subject: RE: [squid-users] problem with WCCP + SQUID + 6509
Have you tried using a redirect-list to define traffic to be redirected?
Can you show some output from the following while pushing http traffic
across the router:
term mon
-----Original Message-----
From: Luu Trung Duong [mailto:luutd@ctu.edu.vn]
Sent: 20 January 2005 13:45
To: 'squid-users'
Subject: [squid-users] problem with WCCP + SQUID + 6509
Hi All,
I problem with WCCP + SQUID + 6509 as follow:
"The problem is my client can't detect the proxy (where i was setting
as transparent proxy) and he cannot browsing, but if the client using
manual proxy, it's ok...."
I use:
Cisco 6509
REDHAT 9.1, Kernel 2.4.20.8
ip_wccp ver 1.7
squid 2.5STABLE7
I had follow intruction for Henrik Nordstrom and another message in
list
-----------------
make mrproper
cp configs/config_matching_your_kernel_type .config
make oldconfig / make xconfig / make menuconfig
make dep
make clean
make bzImage
make modules
[take note of the GCC flags shown during "make modules"]
Install newly built kernel
make modules_install
make install
Boot into the new kernel to verify that it works
Change boot menu to default to the new kernel
[default=0 in /etc/boot/grub/grub.conf]
Build & install ip_wccp module
gcc [flags collected above] -o ip_wccp.o ip_wccp.c
mkdir /lib/modules/2.4.XX-yycustom/net
cp ip_wccp.o /lib/modules/2.4.XX-yycustom/net/
depmod -a
Load ip_wccp module and verify WCCP functionality
modprobe ip_wccp
Set up the sytem to load ip_wccp automatically on system boot
echo "modprobe ip_wccp" >>/etc/rc.d/rc.local
[alternatively add the modprobe line to /etc/rc.d/init.d/squid]
-----------------
WCCP on 6509
---------------
ip wccp version 1
ip wccp web-cache
-----------------
WCCP on vlan Int
---------------
ip wccp web-cache redirect out
---------------
sh ip wccp web-cache
------------------------------------------------------------
Global WCCP information:
Router information:
Router Identifier: xxxx.xxxx.xxxx.xxx
Protocol Version: 1.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 10
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
------------------------------------------------------------
sh ip wccp web-cache view
----------------------------------
WCCP Routers Informed of:
-none-
WCCP Cache Engines Visible:
203.162.202.133
WCCP Cache Engines NOT Visible:
-none-
------------------------------------
sh ip wccp web-cache detail
----------------------------------------------
WCCP Cache-Engine information:
IP Address: 203.162.202.133
Protocol Version: 0.4
State: Usable
Redirection: GRE
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 0
Connect Time: 00:41:25
--------------------------------------------------
[squid@cache-2 sbin]$ lsmod
Module Size Used by Not tainted
ipt_REDIRECT 1272 2 (autoclean)
iptable_nat 19448 1 (autoclean) [ipt_REDIRECT]
ip_conntrack 24960 1 (autoclean) [ipt_REDIRECT iptable_nat]
ip_wccp 1832 0 (unused)
parport_pc 17028 1 (autoclean)
lp 8292 0 (autoclean)
parport 33120 1 (autoclean) [parport_pc lp]
autofs 11860 0 (autoclean) (unused)
e100 54148 1
ipt_REJECT 3512 6 (autoclean)
iptable_filter 2284 1 (autoclean)
ip_tables 13624 6 [ipt_REDIRECT iptable_nat ipt_REJECT
iptable_filter]
keybdev 2688 0 (unused)
mousedev 5044 1
hid 20100 0 (unused)
input 5472 0 [keybdev mousedev hid]
usb-uhci 23692 0 (unused)
ehci-hcd 17480 0 (unused)
usbcore 71136 1 [hid usb-uhci ehci-hcd]
ext3 61792 2
jbd 46612 2 [ext3]
------------------------------------------------------
[root@cache-2 sbin]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http
redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@cache-2 sbin]#
--------------------------------------------------------
________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
Received on Fri Jan 21 2005 - 02:42:48 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:36 MST