Well actually it seems like we found the problem. We were testing 3 of
the 4 routers, and only 1 of those was having issues. By turning on the
options "no ip redirects" and "no ip proxy-arp" on the router's ethernet
interfaces, the problem went away. Also with that ipfw config, that's
just how it was specified online (and the other squid box has the same
config method).
Ryan Thoryk
Adrian Chadd wrote:
> On Thu, Jan 24, 2008, Ryan Thoryk wrote:
>> I've got more information (on the FreeBSD side):
>>
>> The packets are coming in over the GRE interface, but seem to be
>> randomly disappearing after the IPFW forward operation (forwards to
>> localhost:3128).
>>
>> Here's the ipfw config:
>> 00150 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via gre0 in
>
>> 00250 fwd 127.0.0.1,3128 ip from any to any via gre0 in
>
> Why are you doing that?
> You don't need to redirect the ip at all. Well, in theory you -should-
> be to handle ICMP messages, but I don't think that works at all atm
> (and is an OS related issue.)
>
> Just do:
>
> add fwd 127.0.0.1,3128 tcp from any to any 80 in via gre0
> add fwd 127.0.0.1,3128 tcp from any to any 80 in via gre1
> add fwd 127.0.0.1,3128 tcp from any to any 80 in via gre2
>
> .. etc
>
> And see what that does.
>
> I've got multiple WCCPv2 aware routers but i'm in the middle of getting
> TPROXY stuff documented and so I can't easily change it all around
> to support multiple routers with potential asymmetric traffic paths
> for WCCPv2 (which is what you're trying to achieve.)
> That requires quite a lot of time :/
>
>
>
> Adrian
>
>
Received on Fri Jan 25 2008 - 10:51:18 MST
This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST