Hello!
I'm trying to set up a transparent proxy, but I'm running into some
difficulty. Here is my setup:
* Cisco 837 running Cisco IOS 12.3
* FreeBSD 5.1
* squid-2.5.4_6 with WCCP compiled in
* (also running apache-2.0.48_1, running on port 80)
I have so far taken the following steps:
In squid.conf:
--------------
## WCCP Redirection (Transparent Proxy)
## ------------------------------------
httpd_accel_host virtual
httpd_accel_port 3128
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 10.0.0.254
wccp_version 3
On the Cisco 837:
-----------------
ip wccp version 1
ip wccp web-cache redirect-list 2
!
interface BVI1
description --- Bridging Interface ---
ip address 150.101.x.x 255.255.255.248
ip wccp web-cache redirect in
ip nat outside
end
!
access-list 2 permit 10.0.0.0 0.0.0.255
On FreeBSD 5.1:
---------------
<compiled 'device gre' into kernel>
configured device with:
# ifconfig gre0 create
# ifconfig gre0 10.0.0.3 10.0.0.254 netmask 255.255.255.255 up
# ifconfig gre0 tunnel 10.0.0.3 10.0.0.254
# route delete 10.0.0.254
ifconfig:
gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
tunnel inet 10.0.0.3 --> 10.0.0.254
inet6 fe80::240:5ff:fe03:3fb1%gre0 prefixlen 64 scopeid 0x5
inet 10.0.0.3 --> 255.255.255.0 netmask 0xff000000
Once all this is done and Squid starts I get the following messages on my
837:
router#deb ip wccp event
router#deb ip wccp packet
*Mar 1 19:57:04.715: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C2
*Mar 1 19:57:14.739: WCCP-EVNT: Built I_See_You msg body w/1 usable web caches, change # 0000000B
*Mar 1 19:57:14.739: %WCCP-5-CACHEFOUND: Web Cache 10.0.0.3 acquired
*Mar 1 19:57:14.739: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C2
*Mar 1 19:57:14.739: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C3
*Mar 1 19:57:25.759: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C3
*Mar 1 19:57:25.759: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C4
So they're talking WCCP, however users can still browse the web and it
seems to me as though the router isn't forwarding the traffic:
router#sh ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 0.0.0.0
Protocol Version: 0.3
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Hash Allotment: 0 (0.00%)
Packets Redirected: 0
Connect Time: 00:03:35
I am not sure if interface BVI1 is supposed to be redirect in or redirect
out, but so far having either has shown the same results.
Squid logs are not showing anything.
Is my understanding correct if I say that my 837 intercepts traffic on port
80 and then, using the GRE tunnel, redirects it to my FreeBSD box still on
port 80, where squid handles it like a normal request? If this is the
case, am I supposed to set up some kind of firewall rule that captures
traffic in port 80 and remaps it to port 3128? If I do this, how can I
have apache and squid running together?
This is sort of what I have worked out after reading the setup steps for
all sorts of linux/freebsd configurations, but I'm not so sure it's what I
need to do. To test this I changed the listening port of squid to 80, and
still saw no entries in my access.log, leading me to believe that the
wccp-redirect just ain't workin'.
Can anyone shed any light?
Cheers,
--
Adam Smith : adam@internode.com.au
Internode : http://www.internode.on.net
Phone : (08) 8228 2999

Received on Sat Jan 24 2004 - 22:50:56 MST
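The symptom described in the post (WCCP handshake succeeding while nothing is redirected) can be checked mechanically from the two router outputs. This is an added example, not part of the original post; the function names are hypothetical and the sample text is copied, abridged, from the output quoted above.

```python
import re

# Router output copied from the post above (debug lines abridged).
DEBUG_LOG = """\
*Mar 1 19:57:04.715: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C2
*Mar 1 19:57:14.739: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C2
*Mar 1 19:57:14.739: WCCP-PKT: Sending I_See_You packet to 10.0.0.3 w/ rcvd_id 000000C3
*Mar 1 19:57:25.759: WCCP-PKT: Received valid Here_I_Am packet from 10.0.0.3 w/rcvd_id 000000C3
"""
DETAIL = """\
WCCP Cache-Engine information:
State: Usable
Hash Allotment: 0 (0.00%)
Packets Redirected: 0
Connect Time: 00:03:35
"""

PKT = re.compile(
    r"WCCP-PKT: (Sending I_See_You|Received valid Here_I_Am) packet "
    r"(?:to|from) (\S+) w/ ?rcvd_id ([0-9A-F]{8})")

def handshake_ok(log):
    """True if each Here_I_Am carries the rcvd_id of the last I_See_You sent."""
    last_sent, echoed = {}, 0
    for kind, peer, rid in PKT.findall(log):
        if kind.startswith("Sending"):
            last_sent[peer] = rid          # id the router handed to this cache
        elif last_sent.get(peer) == rid:
            echoed += 1                    # cache echoed it back, as in the log
        else:
            return False
    return echoed > 0

def parse_detail(text):
    """Turn 'Key: value' lines of 'sh ip wccp web-cache detail' into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():          # skips the section header line
            fields[key.strip()] = value.strip()
    return fields

def findings(log, detail):
    f = parse_detail(detail)
    checks = [
        (handshake_ok(log) and f.get("State") == "Usable", "handshake ok, cache usable"),
        (f.get("Hash Allotment", "").split()[:1] == ["0"], "hash allotment is 0"),
        (f.get("Packets Redirected") == "0", "no packets redirected"),
    ]
    return [msg for hit, msg in checks if hit]
```

All three findings together match what the post reports: the router and cache see each other, but no traffic has been assigned or redirected.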