[squid-users] TCPDump packet traces for Squid 2.5 / OpenSuse 10.1/ WCCPv1 /Cisco Router 3620

Here's a TCP dump I'm trying to debug. Maybe someone can help.

Setup is transparent proxy: Squid 2.5 / OpenSuse 10.1/ WCCPv1 /Cisco Router
3620 (full configs below)

Symptom is that the client's browser times out when trying to reach web
sites when wccp web-cache is enabled on the router.
(Configuring the browser manually to use the cache works fine.)

172.16.1.45 = client browsing the web
172.16.1.254 = cisco router with WCCP, redirecting port 80 traffic to squid
cache
172.16.1.171 = squid box (aka squid.beachbooks.org)

Looks like packets are getting from the client to the squid cache, but when
the squid cache tries to respond, it can't reach the client?

11:34:00.555517 IP squid.beachbooks.org > 172.16.1.45: ICMP time exceeded
in-transit, length 56

I can ping from the squid box to the client no problem...

TCPDump Trace:

11:34:00.551577 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.552040 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.552053 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.552508 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.552518 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.552981 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.552993 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.553451 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.553463 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.553996 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.554008 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.554542 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.554553 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.555013 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.555024 IP 172.16.1.45.itm-mccs > p7.www.scd.yahoo.com.http: S
4138401172:4138401172(0) win 16384 <mss 1460,nop,nop,sackOK>
11:34:00.555483 IP 172.16.1.254 > squid.beachbooks.org: GREv0, length 52:
gre-proto-0x883e
11:34:00.555517 IP squid.beachbooks.org > 172.16.1.45: ICMP time exceeded
in-transit, length 56
11:34:04.386134 IP squid.beachbooks.org.dls-monitor >
172.16.1.254.dls-monitor: UDP, length 52
11:34:04.389891 IP 172.16.1.254.dls-monitor >
squid.beachbooks.org.dls-monitor: UDP, length 64

Here's my config info. Perhaps someone wiser could point me in a direction
to try?

--------------------------------------

OpenSuse 10.1 x86 (Kernel 2.6.16) (installed from downloaded CDs, no kernel
customization) Cisco 3620 with IOS Version 12.2(15)T17 Squid
squid-2.5.STABLE14 built from source with '--enable-linux-netfilter'

Instructions I'm following:
====
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy

(I've actually been using several sources, but the link above seems pretty
definitive.)

Relevant IPs:
====

172.16.1.254 (the internal router port, where both squid and the clients
reside) 172.16.50.254 (router port that points to the outside world)
172.16.1.171 (squid host, has only a single interface)

squid.conf (relevant stuff):
====

http_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
wccp_router 172.16.1.254

Linux config stuff
====
echo `1` > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128 ip tunnel add wccp0 mode gre remote 172.16.1.254 local
172.16.1.171 dev eth0 ip addr add 172.16.1.171/24 dev wccp0 ip link set
wccp0 up

Cisco router stuff
====
config t
ip wccp version 1
ip wccp web-cache redirect-list 150
access-list 150 permit tcp host 172.16.1.45 any
access-list 150 deny tcp any any

config t int eth1/2 (the 172.16.50.254 interface)
ip wccp web-cache redirect-list 150 (I want to get squid working on a test
workstation, before I point everyone to it)

Wade Guidry, MCSE, Network+
Systems Manager, Coastal Resource Sharing Network
503.801.2073
wade@beachbooks.org
http://crsn.beachbooks.org
Received on Tue Jun 13 2006 - 12:51:04 MDT