sorry, forgot to add that I had compiled the freebsd 4.4 kernel with
'options GRE' after patching the kernel sources and adding gre.c by duane
wessels and glenn chisolm
thanks,
scott
On Tue, 23 Apr 2002, Scott Pepple wrote:
> hello all,
>
> i'm trying to test out a squid/wccp configuration with a cisco 2600 (two
> ethernet interfaces) using wccp
>
> i've got a local network, 10.0.1.0 which is being nat'd to the outside
> world as 192.168.1.127 (ip addresses may be changed to protect the
> innocent)
>
> i enable wccp on the outside facing interface (192.168.1.127) with ip wccp
> web-cache redirect out
>
> on the inside network i've got a squid cache on a freebsd box (4.4) with
> the box doing the right ipfw stuff (and forwarding enabled in the kernel)
>
> > sudo ipfw show
> 00100 3246 189064 allow tcp from 10.0.1.24 to any out
> 00200 0 0 allow tcp from any 80 to any out
> 00300 1926 92448 fwd 127.0.0.1,8080 tcp from any to any 80 in
> 00400 288 249041 allow tcp from any 80 to 10.0.1.24 in
> 00500 7159 564094 allow ip from any to any
> 65535 14 5584 deny ip from any to any
>
> (the deny shows matches in there just because i didn't clear the
> counters)
>
> i've got the squid.conf settings straight from the faq -
>
> wccp_router 10.0.1.254
> wccp_version 4
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> a browser on a box on the inside network just spins and then dies
>
> tcpdump output freaks me out, it show's the router (10.0.1.254) routing
> what i assume are http requests over gre to the squid-box (10.0.1.20)...i
> don't get why there's no traffic out from the squid box except to
> eventually say icmp: time exceeded to the originating requestor.
>
>
> *********************
> 5:58:16.570492 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.570516 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.571442 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.571466 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.572453 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.572476 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.573402 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.573426 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.574413 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.574436 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.575362 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.575385 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.576372 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.576396 10.0.1.20.1812 > 128.167.120.6.http: S
> 226870297:226870297(0) win 16384 <mss 1332,nop,nop,sackOK> (DF)
> 15:58:16.577323 10.0.1.254 > massive.truenorth.com: gre-proto-0x883E (gre
> encap)15:58:16.577367
> ********
> this goes on for a long time
> ********
> massive.truenorth.com > 10.0.1.20: icmp: time exceeded in-transit (DF)
>
> ********************
>
> i configured squid with --enable-wccp and --enable-ipf-transparent
>
>
> and i'm just wondering if i can do this with just two interfaces on the
> router, it seems to me that there's a loop somewhere
>
> thanks
> scott
>
>
>
Received on Tue Apr 23 2002 - 21:13:57 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:39 MST