Re: [squid-users] WCCP / no return traffic on gre interface

From: Nick Ellson <grimm@dont-contact.us>
Date: Sat, 19 May 2007 15:39:03 -0700 (PDT)

Hi Henrik,

I caught this thread as I was fighting the same issue, and this dialogue got me
much farther. But not quite there, so I have a question if you do not mind.

I have a Cisco 1841 doing wccpv2 with an ACL that, for now, traps only my wifi
laptop's web traffic on the DSL egress BVI1 interface. Squid is a Gentoo Linux
box on a 10.0.0.20/24 address, off FastEthernet0/0.1. My Wifi Station is
10.0.2.10/24 off FastEthernet0/0.5.

Squid listening on port 3128 transparent, iptables REDIRECT from 80 to 3128.
wccp0 gre tunnel is up and shows traffic received from the router.

Squid works great as I have firefox manually using 10.0.0.20 port 80 as a
proxy, so my iptables redirect is doing its job, and Squid is happy as a
proxy.

When I run IE7 on the same laptop with no proxy, I see my router catch it, and
send the request to my proxy. The eth0/wccp0 port has it come in (tshark -i
wccp0 shows the web request, tshark -i eth0 -R ip proto gre shows the gre
traffic of the same)

But Squid in debug mode shows no hit to the proxy server process.

I suspect that the WCCPv2 is working, but the traffic is not making it to Squid
from the end of the GRE tunnel.

Debug from router:

WCCP-PKT:S00: Received valid Here_I_Am packet from 10.0.0.20 w/rcv_id 00000B48
WCCP-PKT:S00: Sending I_See_You packet to 10.0.0.20 w/ rcv_id 00000B49
WCCP-PKT:S00: Received valid Here_I_Am packet from 10.0.0.20 w/rcv_id 00000B49
WCCP-PKT:S00: Sending I_See_You packet to 10.0.0.20 w/ rcv_id 00000B4A

Debug ip packet (permit gre any any)

IP: s=222.222.222.222 (FastEthernet0/0.5), d=10.0.0.20 (FastEthernet0/0.1),
IP: g=10.0.0.20, len 80, forward, proto=47
IP: s=222.222.222.222 (FastEthernet0/0.5), d=10.0.0.20 (FastEthernet0/0.1),
IP: g=10.0.0.20, len 80, forward, proto=47

My router has a loopback of 222.222.222.222 so I would know it easily in tunnel
config. The real outside IP it was using was 209.162.205.230 on BVI1 and that
is where the "ip wccp web-cache redirect out" command lives.

A sniff on my proxy server, as I have IE7 do a google search:

goonie ~ # tshark -R gre
Capturing on eth0
   8.212647 mater.nickellson.com -> po-in-f147.google.com TCP 2087 > http [SYN] Seq=0 Len=0 MSS=1260 WS=0
  11.218921 mater.nickellson.com -> po-in-f147.google.com TCP 2087 > http [SYN] Seq=0 Len=0 MSS=1260 WS=0
  17.255232 mater.nickellson.com -> po-in-f147.google.com TCP 2087 > http [SYN] Seq=0 Len=0 MSS=1260 WS=0

This is how I am surmising WCCPv2 is OK, as I get the GRE redirect.

Squid cache.log under debug:

2007/05/19 15:31:37| wccp2HereIam: sending to service id 0
2007/05/19 15:31:37| Sending HereIam packet size 144
2007/05/19 15:31:37| Incoming WCCPv2 I_SEE_YOU length 132.
2007/05/19 15:31:37| Complete packet received
2007/05/19 15:31:37| Incoming WCCP2_I_SEE_YOU Received ID old=3039 new=3040.
2007/05/19 15:31:37| Cleaning out cache list
2007/05/19 15:31:37| checking cache list: (1400000a:1400000a)
2007/05/19 15:31:37| Change not detected (5 = 5)

I think I have followed the bunny trail pretty far here and I would love some
advice on how to debug this further. How can I see between the redirect packet
landing on eth0 from the wccp0 tunnel to why iptables never gets it to squid?

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere 10.0.2.0/24
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
ACCEPT 0 -- anywhere 10.0.0.0/24
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128

ip addr show wccp0
4: wccp0@eth0: <POINTOPOINT,NOARP,UP,10000> mtu 1476 qdisc noqueue
      link/gre 10.0.0.20 peer 222.222.222.222
      inet 10.0.0.20/32 scope global wccp0

Nick

-- 
Nick Ellson
Dad
CCDA, CCNP, CCSP, CCAI,
MCSE 2000, Security+, Network+
Network Hobbyist, VFR Private Pilot.
Received on Sat May 19 2007 - 16:39:04 MDT
