Hmm..perhaps I should have just stuck with linux instead of trying
FreeBSD for this one. Can I know what version of Linux you managed to
get it working on Adrian?
I tried turning on the link2 flag for good measure:
gre0: flags=f051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,LINK2,MULTICAST> mtu 1476
tunnel inet 192.168.1.8 --> 192.168.254.2
inet6 fe80::xxxx%gre0 prefixlen 64 scopeid 0x4
inet 192.166.1.8 --> 192.168.254.2 netmask 0xffffffff
ipfw shows the packets are being forwarded to port 3128 which is the
port squid is listening to:
00048 16942 1400049 allow gre from any to any
00049 1019 275497 allow tcp from 192.168.1.8 to any
00050 16934 924921 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
06000 2371 1041172 allow ip from any to any
65535 4 437 deny ip from any to any
I believe the problem is Squid receiving WCCP messages from
192.168.1.3 but gre packets from 192.168.254.3 (the highest ip on its
interfaces). Any ways around this? I thought of NAT but that would add
an extra overhead on the whole thing. Am I right in thinking that way
or is there something else.
Meanwhile, plan B: download Linux!
woon
On 9/25/06, Adrian Chadd <adrian@creative.net.au> wrote:
> On Mon, Sep 25, 2006, Wei Kian Woon wrote:
> > Hi all,
> >
> > First of all, hello. I'm new to Squid, but learning fast (i hope!)
>
> Welcome!
>
> > I'm trying to implement transparent proxying using Squid 2.6 stable4
> > on FreeBSD 6.1, while the WCCP router is a Cisco 5500 running
> > 12.2(28a) IOS. I managed to get the router to acquire successfully the
> > Squid cache. There's some problem with the GRE portion however. When I
> > do a tcpdump on the BSD server it show that the router is forwarding a
> > lot of GREv0 packets to the server which is good, but the BSD server
> > is not responding to it. The thing I observed was that the router
> > associates with the BSD server originally through WCCP using the
> > (fake) ip address of 192.168.1.3 , but when it sends the GRE packets
> > with a source ip of 192.168.254.3, which is the highest ip address in
> > the router (thus the router identifier is 192.168.254.3). I created
> > the gre0 tunnel on the BSD with the commands:
> >
> > ifconfig gre0 create
> > ifconfig gre0 192.168.1.8 192.168.254.3 netmask 255.255.255.255 up
> > (192.168.1.8 is the server ip)
> > ifconfig gre0 tunnel 192.168.1.8 192.168.254.4
> > route delete 192.168.254.4
> >
> > I added the device gre option into the kernel config, together with
> > the options IPFIREWALL and IPFIREWALL_FORWARD (ipfw tested to work),
> > and recompiled the kernel. Problem is that there's no reply from the
> > BSD server to the gre packets from the router. How can I fix this?
> > There doesnt seem to be a way to change the router identifier on the
> > cisco router (bar renumbering the router ip addresses!). Anyone have
> > any ideas?
>
> I've managed to get Squid-2.6+WCCPv2 to work fine under Linux+iptables
> but I've been completely unable to do it under FreeBSD+pf. I know
> redirected requests are working fine, its just the GRE decapsulation
> thats being weird. Just like you've noticed.
>
> Its nice to know someone else is having the same problem.
>
> Is anyone here successfully running WCCPv1 or WCCPv2 with FreeBSD 6.x?
>
>
>
>
>
> Adrian
>
>
Received on Tue Sep 26 2006 - 01:57:39 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:04 MDT