Here is the pertinent info...
Cheers,
/Jason
=====<begin cisco section>=====
ip wccp web-cache redirect-list WCCP-USERS group-list WCCP-PROXIES
ip access-list standard WCCP-PROXIES
permit 192.168.40.32 0.0.0.15
ip access-list standard WCCP-USERS
permit 10.160.100.10
permit 10.160.100.8
permit 10.160.104.10
permit 10.160.100.38
proxy vlan interface:
interface Vlan2005
ip address 192.168.40.33 255.255.255.240
no ip route-cache cef
no ip mroute-cache
incoming interface for everybody:
ip wccp web-cache redirect in
interface Loopback0
ip address 172.20.1.72 255.255.255.255
RPCO1C6K1#sh ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 192.168.40.37
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 5
Connect Time: 00:07:11
RPCO1C6K1#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 172.20.1.72
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 46
Redirect access-list: WCCP-USERS
Total Packets Denied Redirect: 0
Total Packets Unassigned: 30
Group access-list: WCCP-PROXIES
Total Messages Denied to Group: 0
Total Authentication failures: 0
=====<end of cisco section>=====
=====<begin of squid wccp stuff>=====
http_port 192.168.40.37:8080 transparent
tcp_outgoing_address 192.168.40.37
cache_effective_user squid
visible_hostname spco1pxyA-1
wccp2_router 192.168.40.33
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 256
wccp2_address 192.168.40.37
coredump_dir /var/squid/cache-prod1
=====<end of squid wccp stuff>=====
iptables -t nat -L:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.40.37:8080
ip tunnel show | grep gre1:
gre1: gre/ip remote 172.20.1.72 local 192.168.40.37 dev eth2 ttl inherit
=====<begin forwarding and anti-spoofing section>=====
[root@localhost etc]# sysctl -a | egrep -w "forwarding|rp_filter"
net.ipv4.conf.gre1.rp_filter = 0
net.ipv4.conf.gre1.forwarding = 1
net.ipv4.conf.eth2.rp_filter = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.forwarding = 1
=====<end forwarding and anti-spoofing section>=====
Adrian Chadd wrote:
> On Mon, Dec 04, 2006, Jason Taylor wrote:
>
>> However, a tcpdump on the GRE interface of the squid shows only the
>> first packet (SYN).
>> A tcpdump on the eth2 (where squid is listening) shows the SYN-ACK
>> packet being sent back to the workstation.
>
> What's the wccp config on the router look like?
> What's the wccp config on the squid(s) look like?
> What's the redirection config (iptables) look like? And hm, have
> you disabled anti-spoof checks on the Linux box (rp_filter)?
>
>
> adrian
>
Received on Mon Dec 04 2006 - 16:07:51 MST
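
An added example, not part of the original message: a Python cross-check that the Squid-side WCCP settings, the GRE tunnel and the router's view of the cache engine agree with each other. The sample input is constructed from the values shown in the message; the function names are hypothetical, and treating the router's Router Identifier as the expected tunnel remote address is an assumption.

```python
# Constructed sample input: values copied from the configuration shown in the post.
SQUID_CONF = """\
wccp2_router 192.168.40.33
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_address 192.168.40.37
"""
ROUTER_DETAIL = """\
Web Cache ID: 192.168.40.37
Redirection: GRE
Packet Return: GRE
Assignment: HASH
"""
TUNNEL = "gre1: gre/ip remote 172.20.1.72 local 192.168.40.37 dev eth2 ttl inherit"
ROUTER_ID = "172.20.1.72"  # "Router Identifier" from `sh ip wccp`

# Squid 2.6 numeric codes for the wccp2_*_method directives.
TRANSPORT = {"1": "GRE", "2": "L2"}
ASSIGNMENT = {"1": "HASH", "2": "MASK"}


def parse_squid(text):
    """Return {directive: value} for the wccp2_* lines of a squid.conf."""
    pairs = (line.split(None, 1) for line in text.splitlines())
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2 and p[0].startswith("wccp2_")}


def parse_router(text):
    """Return {field: value} for the 'Field: value' lines of the router output."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}


def check(squid_text, router_text, tunnel_line, router_id):
    """Return a list of mismatches between the proxy side and the router side."""
    s, r = parse_squid(squid_text), parse_router(router_text)
    words = tunnel_line.split()
    remote = words[words.index("remote") + 1]
    local = words[words.index("local") + 1]
    expected = [
        ("Redirection", TRANSPORT.get(s.get("wccp2_forwarding_method"))),
        ("Packet Return", TRANSPORT.get(s.get("wccp2_return_method"))),
        ("Assignment", ASSIGNMENT.get(s.get("wccp2_assignment_method"))),
        ("Web Cache ID", s.get("wccp2_address")),
    ]
    problems = [f"{field}: router has {r.get(field)!r}, squid implies {want!r}"
                for field, want in expected if r.get(field) != want]
    if local != s.get("wccp2_address"):
        problems.append(f"tunnel local {local} != wccp2_address")
    if remote != router_id:  # assumption: router sources GRE from its Router Identifier
        problems.append(f"tunnel remote {remote} != router id {router_id}")
    return problems
```

An empty list from `check(SQUID_CONF, ROUTER_DETAIL, TUNNEL, ROUTER_ID)` means the negotiated methods and tunnel endpoints line up, which leaves packet filtering and return-path routing as the remaining places to look.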