partially solved, my iptables patch not complete (re-patch again with
iptables tar source, not rpm)
Right now:
- no error indicated in /var/log/message
- no cache.log error
I saw wccp hit increments at the router, from redirecting packets to the squid-box:
Service Identifier: 80
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1123
Redirect access-list: 155
Total Packets Denied Redirect: 650922
Total Packets Unassigned: 25043
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Service Identifier: 90
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 224
Redirect access-list: 156
Total Packets Denied Redirect: 206844
Total Packets Unassigned: 17095
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
I saw hit increments in iptables:
Chain PREROUTING (policy ACCEPT 11517 packets, 2009K bytes)
pkts bytes target prot opt in out source destination
76 24942 TPROXY all -- any any anywhere anywhere TPROXY redirect 0.0.0.0:3128
But still no hit in access.log, and my host still can't open the web.
My last squid-box config:
#iptables :
iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
#part squid.conf :
http_port 3128 transparent tproxy vhost vport=80
always_direct allow all
wccp2_router y.y.y.y
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service dynamic 80
wccp2_service dynamic 90
wccp2_service_info 80 protocol=tcp flags=dst_ip_hash priority=240 ports=80
wccp2_service_info 90 protocol=tcp flags=src_ip_hash,ports_source priority=240 ports=80
#part of my cisco config:
ip wccp 80 redirect-list 155
ip wccp 90 redirect-list 156
int fasteth0 >ip wccp 80 redirect out
int fasteth1 >ip wccp 90 redirect out
int fasteth3 >ip wccp redirect exclude in (the port that the squid-box is attached to)
access-list 155 permit ip host x.x.x.x any
access-list 156 permit ip any host x.x.x.x
#modules:
[root@tproxy sbin]# lsmod
Module Size Used by
ipt_TPROXY 2176 1
iptable_tproxy 17708 1
ip_nat 18604 1 iptable_tproxy
ip_conntrack 49836 2 iptable_tproxy,ip_nat
ip_tables 20096 2 ipt_TPROXY,iptable_tproxy
ip_gre 13472 0
Has anyone tried this with success? No clues when googled.
regards,
Tino
----- Original Message -----
From: "tino" <tino.kriswanto@gmail.com>
To: <squid-users@squid-cache.org>
Sent: Tuesday, July 11, 2006 9:27 AM
Subject: error transparent squid.2.6.stable1 with wccpv2 and tproxy
> Hi,
> I just installed squid.2.6.stable1, kernel 2.6.15.7 with cttproxy.
> It works well when running in transparent & wccpv2 web-cache mode.
>
> But when I add a wccp dynamic service for IP-Spoof, I get an error:
>
> 2006/07/11 08:00:37| tproxy ip=x.x.x.x,0x7a0989ca,port=0 ERROR ASSIGN
>
>
> #part of my squid.conf :
> http_port 3128 transparent tproxy vhost vport=80
> always_direct allow all
> wccp2_router x.x.x.x
> wccp_version 4
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_service standard 0
> wccp2_service dynamic 90
> wccp2_service_info 90 protocol=tcp flags=src_ip_hash priority=1 ports=80
>
> #part of my cisco run:
> ip wccp web-cache redirect-list 155
> ip wccp 90 redirect-list 156
> int fasteth0 >ip wccp web-cache redirect out
> int fasteth1 >ip wccp 90 redirect out
>
> #my iptables at linux:
> Chain PREROUTING (policy ACCEPT 262 packets, 18290 bytes)
> pkts bytes target prot opt in out source destination
> 112 6710 REDIRECT tcp -- gre0 any anywhere anywhere tcp dpt:http redir ports 3128
>
> #my sysctl:
> [root@tproxy sbin]# sysctl -a | grep rp.filter
> net.ipv4.conf.gre0.arp_filter = 0
> net.ipv4.conf.gre0.rp_filter = 0
> net.ipv4.conf.eth0.arp_filter = 0
> net.ipv4.conf.eth0.rp_filter = 0
> net.ipv4.conf.default.arp_filter = 0
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.all.arp_filter = 0
> net.ipv4.conf.all.rp_filter = 0
> net.ipv4.conf.lo.arp_filter = 0
> net.ipv4.conf.lo.rp_filter = 0
>
>
> regards,
> Tino
>
>
Received on Tue Jul 11 2006 - 04:04:42 MDT