[squid-users] help for my intercept proxy setup

maileh maile.halatuituia at tcc.to
Tue Apr 26 21:27:45 UTC 2016


wccp2_router 10.240.0.254
wccp_version 4
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_rebuild_wait off
wccp2_assignment_method hash
wccp2_service standard 0
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=240 ports=443,80
always_direct allow all

​
thanks


________________________________
From: Yuri Voinov [via Squid Web Proxy Cache] <ml-node+s1019090n4677280h0 at n4.nabble.com>
Sent: Wednesday, April 27, 2016 10:24 AM
To: Maile Halatuituia
Subject: Re: help for my intercept proxy setup


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Show WCCP section of yout squid.conf please.


27.04.16 3:05, maileh пишет:

> Hi
> Here is my router wccp config
> In global config i enable ip wccp
> #ip wccp web-cache redirect-list WCCP_HTTP
> #ip wccp 70 redirect-list WCCP_HTTPS
> Interface facing my Clients and also Squid is in the same subnet
>
> int g0/0.904
> ip wccp web-cache redirect out
> ip wccp 70 redirect out.
>
> Verification
>
> #sh ip wccp sum
> WCCP version 2 enabled, 2 services
>
> Service     Clients   Routers   Assign      Redirect   Bypass
> -------     -------   -------   ------      --------   ------
> Default routing table (Router Id: x.x.x.x):
> web-cache   1         1         HASH        GRE        GRE
> 70                  1         1         HASH        GRE        GRE
>
> #sh tunnel groups wccp
>  WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
>    intf: Tunnel2, locally sourced
>  WCCP : service group 326 in "Default", ver v2, assgnmnt: hash-table
>    intf: Tunnel0, locally sourced
>
> #sh adjacency tunnel 0 detail
> Protocol Interface                 Address
> IP       Tunnel0                   10.240.0.30(3)
>                                    connectionid 1
>                                    0 packets, 0 bytes
>                                    epoch 0
>                                    sourced in sev-epoch 31
>                                    Encap length 28
>                                    4500000000000000FF2FC732CA861F08
>                                    0AF0001E0000883E01460000
>                                    Tun endpt
>                                    Next chain element:
>                                     IP adj out of GigabitEthernet0/0.904,
> addr 10.240.0.30
> #sh adjacency tunnel 2 detail
>     Protocol Interface                 Address
> IP       Tunnel2                   10.240.0.30(3)
>                                    connectionid 1
>                                    0 packets, 0 bytes
>                                    epoch 0
>                                    sourced in sev-epoch 32
>                                    Encap length 28
>                                    4500000000000000FF2FC732CA861F08
>                                    0AF0001E0000883E00000000
>                                    Tun endpt
>                                    Next chain element:
>                                     IP adj out of GigabitEthernet0/0.904,
> addr 10.240.0.30
> #sh ip wccp web-cache detail
> WCCP Client information:
>         WCCP Client ID:          10.240.0.30
>         Protocol Version:        2.0
>         State:                   Usable
>         Redirection:             GRE
>         Packet Return:           GRE
>         Assignment:              HASH
>         Initial Hash Info:       00000000000000000000000000000000
>                                  00000000000000000000000000000000
>         Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>                                  FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>         Hash Allotment:          256 (100.00%)
>         Packets s/w Redirected:  0
>         Connect Time:            00:08:42
>         GRE Bypassed Packets
>           Process:               0
>           CEF:                   0
>           Errors:                0
> If you can see all seems to be established between the router and
squid box
> but no PACKET has been redirected.
> For my IOS
> ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
>
> It's been over two weeks now and i seems to looking everywhere but no
luck.
> Also here is my iptables rules for you info whch run on ubuntu 14.04 with
> squid
>
> # squid -v
> Squid Cache: Version 3.5.16
> Service Name: squid
> Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC Production
> configure options:  '--prefix=/usr/local' '--enable-translation'
> '--enable-external-acl-helpers=none'
'--enable-storeio=ufs,aufs,diskd,rock'
> '--enable-removal-policies=lru,heap' '--enable-wccp2'
> '--enable-follow-x-forwarded-for' '--enable-cache-digests'
> '--enable-auth-negotiate=none' '--disable-auth-digest'
'--disable-auth-ntlm'
> '--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
> '--enable-log-daemon-helpers=file' '--with-openssl=/usr/local'
> '--enable-ssl' '--enable-ssl-crtd' '--enable-zph-qos' '--enable-snmp'
> '--enable-inline' '--with-dl'
'--with-build-environment=POSIX_V6_LP64_OFF64'
> 'CFLAGS=-O3 -m64 -pipe' 'CXXFLAGS=-O3 -m64 -pipe'
> 'LIBOPENSSL_CFLAGS=-I/usr/local/include'
> 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
'--disable-strict-error-checking'
>
'--enable-build-info=Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC
> Production'
> IPtables Rules for redirection to squid ports
> -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
3127
> -A PREROUTING -i wccp0 -p tcp -m tcp --dport 443 -j REDIRECT
--to-ports 3129

> -A POSTROUTING -j MASQUERADE
>
>
> Appreciate you kind asistance ....
> hanks in advance
> Maile
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> [hidden email]</user/SendEmail.jtp?type=node&node=4677280&i=0>
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXH+RBAAoJENNXIZxhPexG174H/3r5IBojH3EKdMCMknRQjwD3
RVrM29M9K3VQX4U2UXj8RVYoBWju+X4NQDtDn/k21Zd3albE/L9bFP0fmPEMb1z1
r0hPUoskPBFqXXYUp6NZ4Yi8TNbbvgvbJ1tGWeMdPWaoE/qvv1tqAKBHeGCCcM2A
P67chV8418cUsTqRyOYCKF9ad4fj1FobWRr9/o826PQ+azCVN0xDD3BjswB8DAzE
i+ZCHCIAEOyCwis84nFb2EqvKGnlqN64WrOkJ6IkFHKxuWg8PTqWnj+NZmMuzhkf
VsMvKrVxd/w9Eh1T6xW0CGfxG/B9V8bCXId0ez0NPyLr/H7kiFqYPNlWZyzCBIw=
=G5AM
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=4677280&i=1>
http://lists.squid-cache.org/listinfo/squid-users

[http://squid-web-proxy-cache.1019090.n4.nabble.com/images/icon_attachment.gif] 0x613DEC46.asc (2K) Download Attachment<http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4677280/0/0x613DEC46.asc>


________________________________
If you reply to this email, your message will be added to the discussion below:
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279p4677280.html
To unsubscribe from help for my intercept proxy setup, click here<http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4677279&code=bWFpbGUuaGFsYXR1aXR1aWFAdGNjLnRvfDQ2NzcyNzl8LTEwMTI1NzgwODY=>.
NAML<http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279p4677281.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list