On Wed, 23 Feb 2005, Jesse Guardiani wrote:
> #sh ip wccp web-cache detail
> WCCP Cache-Engine information:
>        IP Address:            192.168.10.2
>        Protocol Version:      2.0
>        State:                 Usable
>        Initial Hash Info:     00000000000000000000000000000000
>                               00000000000000000000000000000000
>        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>        Hash Allotment:        256 (100.00%)
>        Packets Redirected:    509
>        Connect Time:          00:30:51

Good.

> # iptunnel
> gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
> gre1: gre/ip  remote 192.168.10.1  local 192.168.10.2  dev eth0  ttl inherit

OK, I think.. (not sure about the first..)

> # iptables -t nat -L -v
> Chain PREROUTING (policy ACCEPT 158 packets, 20654 bytes)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 REDIRECT   tcp  --  eth0:22 any     anywhere             anywhere         tcp dpt:www redir ports 3128
>    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere        tcp dpt:www redir ports 3128

Hmm.. the packets will be coming in on the gre device, not eth0. At least
unless the WCCPv2 patch is configured to send the redirected packets by
direct routing without GRE/WCCPv2 encapsulation.

> The strange thing is that my test machine is set up to use
> the router as my default gateway, and the router claims it
> is redirecting packets. However, I never see any hits on iptables
> rules or in access.log, yet my test machine can still browse
> the web!

What does tcpdump say?

> Shouldn't the cisco be marking the cache as unusable or block
> the web traffic?

Yes..

Regards
Henrik

Received on Wed Feb 23 2005 - 10:50:36 MST
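
Added example, not part of the original message or of any Squid/WCCP code: a small Python check of the point made in the reply, that with GRE-encapsulated WCCPv2 redirection a REDIRECT rule bound to eth0 never sees the traffic. It parses the iptunnel and iptables output quoted above (embedded as sample input) and assumes GRE encapsulation is in use; the function names are hypothetical.

```python
import re

# Constructed sample input: the command output quoted in the message above.
IPTUNNEL = """\
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
gre1: gre/ip  remote 192.168.10.1  local 192.168.10.2  dev eth0  ttl inherit
"""
IPTABLES_NAT = """\
Chain PREROUTING (policy ACCEPT 158 packets, 20654 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 REDIRECT   tcp  --  eth0:22 any     anywhere             anywhere         tcp dpt:www redir ports 3128
   0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere        tcp dpt:www redir ports 3128
"""

def gre_tunnels(iptunnel_out):
    """Return {device: remote} for GRE tunnels that name a specific peer."""
    tunnels = {}
    for line in iptunnel_out.splitlines():
        m = re.match(r"(\S+): gre/ip\s+remote (\S+)", line)
        if m and m.group(2) != "any":  # skip the catch-all gre0 device
            tunnels[m.group(1)] = m.group(2)
    return tunnels

def redirect_rules(iptables_out):
    """Return (pkts, in_iface, to_port) for each REDIRECT rule in the listing."""
    rules = []
    for line in iptables_out.splitlines():
        f = line.split()
        if len(f) >= 9 and f[2] == "REDIRECT":
            rules.append((f[0], f[5], f[-1]))  # pkts kept as text ("12K" is possible)
    return rules

def misbound_rules(iptunnel_out, iptables_out):
    """REDIRECT rules with zero hits whose input interface is not a GRE tunnel."""
    tunnels = gre_tunnels(iptunnel_out)
    return [
        {"in": iface, "to_port": port, "gre_candidates": sorted(tunnels)}
        for pkts, iface, port in redirect_rules(iptables_out)
        if tunnels and iface not in tunnels and pkts == "0"
    ]

if __name__ == "__main__":
    for finding in misbound_rules(IPTUNNEL, IPTABLES_NAT):
        print("no hits on %(in)s -> %(to_port)s; tunnel devices: %(gre_candidates)s" % finding)
```
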