Yanis Sauvé wrote:
> Hello everyone,
>
> PIX 525, os 7.2(4), WCCPv2. CentOS 5.4
> (2.6.18-164.6.1.el5.centos.plus).
>
> Configuration on PIX side seems to be valid, since I see a lot of
> traffic coming from the PIX on the cache-server in Wireshark when the
> redirection command is applied to the ingress interface.
>
> I was wondering what it should look like in Wireshark?
Should look like packets arriving on the main interface from the client
host.
Either Pre-NAT (outside the squid box):
client-> web server
squid -> web server
web server -> squid
squid -> client
Or post-NAT (inside the squid box):
client -> squid
squid -> web server
web server -> squid
squid -> client
NP: Squid connects to any IP of the web server independent of the one
the client was trying to connect.
Payload of the sub-stream squid-> server and back should be almost but
not identical to the one to the client.
>
> I do see my GRE tunnel interface but I see no traffic coming through
> it, it all comes over the eth0 (actually bond0) interface. Is this
> normal?
Yes. In wireshark the gre interface is not visible. gre interface is
unwrapping packets then re-scheduling them through the OS routing stack
as if they arrived on the primary interface. In your case it sounds like
the main one is eth0/bond0.
The only way I know of identifying the exact handling interface is
logging from ebtables or watching the receiving interface counters grow.
>
> If I do requests directly to squid, everything works OK, just not
> when the PIX takes care of redirection.
If Squid is configured properly to intercept traffic you should be
seeing NAT errors logged by Squid on non-NAT traffic arriving on the
intercept port.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15Received on Thu Jan 14 2010 - 03:17:41 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 14 2010 - 12:00:03 MST