[squid-users] help for my intercept proxy setup

Tue Apr 26 22:04:42 UTC 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

27.04.16 3:27, maileh пишет:
> wccp_version 4

#    This directive is only relevant if you need to set up WCCP(v1)
#    to some very old and end-of-life Cisco routers. In all other
#    setups it must be left unset or at the default setting.
#    It defines an internal version in the WCCP(v1) protocol,
#    with version 4 being the officially documented protocol.
#
#    According to some users, Cisco IOS 11.2 and earlier only
#    support WCCP version 3.  If you're using that or an earlier
#    version of IOS, you may need to change this value to 3, otherwise
#    do not specify this parameter.
#Default:
# wccp_version 4

> wccp2_forwarding_method gre
> wccp2_return_method gre

Well, does you configure GRE on your proxy box?

> always_direct allow all

This can be irrelewant your rest config.
>
> 
> thanks
>
>
> ________________________________
> From: Yuri Voinov [via Squid Web Proxy Cache]
<ml-node+s1019090n4677280h0 at n4.nabble.com>
> Sent: Wednesday, April 27, 2016 10:24 AM
> To: Maile Halatuituia
> Subject: Re: help for my intercept proxy setup
>
>
> Show WCCP section of yout squid.conf please.
>
>
> 27.04.16 3:05, maileh пишет:
>
> > Hi
> > Here is my router wccp config
> > In global config i enable ip wccp
> > #ip wccp web-cache redirect-list WCCP_HTTP
> > #ip wccp 70 redirect-list WCCP_HTTPS
> > Interface facing my Clients and also Squid is in the same subnet
>
> > int g0/0.904
> > ip wccp web-cache redirect out
> > ip wccp 70 redirect out.
>
> > Verification
>
> > #sh ip wccp sum
> > WCCP version 2 enabled, 2 services
>
> > Service     Clients   Routers   Assign      Redirect   Bypass
> > -------     -------   -------   ------      --------   ------
> > Default routing table (Router Id: x.x.x.x):
> > web-cache   1         1         HASH        GRE        GRE
> > 70                  1         1         HASH        GRE        GRE
>
> > #sh tunnel groups wccp
> >  WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
> >    intf: Tunnel2, locally sourced
> >  WCCP : service group 326 in "Default", ver v2, assgnmnt: hash-table
> >    intf: Tunnel0, locally sourced
>
> > #sh adjacency tunnel 0 detail
> > Protocol Interface                 Address
> > IP       Tunnel0                   10.240.0.30(3)
> >                                    connectionid 1
> >                                    0 packets, 0 bytes
> >                                    epoch 0
> >                                    sourced in sev-epoch 31
> >                                    Encap length 28
> >                                    4500000000000000FF2FC732CA861F08
> >                                    0AF0001E0000883E01460000
> >                                    Tun endpt
> >                                    Next chain element:
> >                                     IP adj out of
GigabitEthernet0/0.904,
> > addr 10.240.0.30
> > #sh adjacency tunnel 2 detail
> >     Protocol Interface                 Address
> > IP       Tunnel2                   10.240.0.30(3)
> >                                    connectionid 1
> >                                    0 packets, 0 bytes
> >                                    epoch 0
> >                                    sourced in sev-epoch 32
> >                                    Encap length 28
> >                                    4500000000000000FF2FC732CA861F08
> >                                    0AF0001E0000883E00000000
> >                                    Tun endpt
> >                                    Next chain element:
> >                                     IP adj out of
GigabitEthernet0/0.904,
> > addr 10.240.0.30
> > #sh ip wccp web-cache detail
> > WCCP Client information:
> >         WCCP Client ID:          10.240.0.30
> >         Protocol Version:        2.0
> >         State:                   Usable
> >         Redirection:             GRE
> >         Packet Return:           GRE
> >         Assignment:              HASH
> >         Initial Hash Info:       00000000000000000000000000000000
> >                                  00000000000000000000000000000000
> >         Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >                                  FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >         Hash Allotment:          256 (100.00%)
> >         Packets s/w Redirected:  0
> >         Connect Time:            00:08:42
> >         GRE Bypassed Packets
> >           Process:               0
> >           CEF:                   0
> >           Errors:                0
> > If you can see all seems to be established between the router and
> squid box
> > but no PACKET has been redirected.
> > For my IOS
> > ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
>
> > It's been over two weeks now and i seems to looking everywhere but no
> luck.
> > Also here is my iptables rules for you info whch run on ubuntu 14.04
with
> > squid
>
> > # squid -v
> > Squid Cache: Version 3.5.16
> > Service Name: squid
> > Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC Production
> > configure options:  '--prefix=/usr/local' '--enable-translation'
> > '--enable-external-acl-helpers=none'
> '--enable-storeio=ufs,aufs,diskd,rock'
> > '--enable-removal-policies=lru,heap' '--enable-wccp2'
> > '--enable-follow-x-forwarded-for' '--enable-cache-digests'
> > '--enable-auth-negotiate=none' '--disable-auth-digest'
> '--disable-auth-ntlm'
> > '--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
> > '--enable-log-daemon-helpers=file' '--with-openssl=/usr/local'
> > '--enable-ssl' '--enable-ssl-crtd' '--enable-zph-qos' '--enable-snmp'
> > '--enable-inline' '--with-dl'
> '--with-build-environment=POSIX_V6_LP64_OFF64'
> > 'CFLAGS=-O3 -m64 -pipe' 'CXXFLAGS=-O3 -m64 -pipe'
> > 'LIBOPENSSL_CFLAGS=-I/usr/local/include'
> > 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
> '--disable-strict-error-checking'
>
>
'--enable-build-info=Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC
> > Production'
> > IPtables Rules for redirection to squid ports
> > -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
> 3127
> > -A PREROUTING -i wccp0 -p tcp -m tcp --dport 443 -j REDIRECT
> --to-ports 3129
>
> > -A POSTROUTING -j MASQUERADE
>
>
> > Appreciate you kind asistance ....
> > hanks in advance
> > Maile
>
>
>
> > --
> > View this message in context:
>
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279.html
> > Sent from the Squid - Users mailing list archive at Nabble.com.
> > _______________________________________________
> > squid-users mailing list
> > [hidden email]</user/SendEmail.jtp?type=node&node=4677280&i=0>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]</user/SendEmail.jtp?type=node&node=4677280&i=1>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
[http://squid-web-proxy-cache.1019090.n4.nabble.com/images/icon_attachment.gif]
0x613DEC46.asc (2K) Download
Attachment<http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4677280/0/0x613DEC46.asc>
>
>
> ________________________________
> If you reply to this email, your message will be added to the
discussion below:
>
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279p4677280.html
> To unsubscribe from help for my intercept proxy setup, click
here<http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4677279&code=bWFpbGUuaGFsYXR1aXR1aWFAdGNjLnRvfDQ2NzcyNzl8LTEwMTI1NzgwODY=>.
>
NAML<http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
> Confidentiality Notice: This email (including any attachment) is
intended for internal use only. Any unauthorized use, dissemination or
copying of the content is prohibited. If you are not the intended
recipient and have received this e-mail in error, please notify the
sender by email and delete this email and any attachment.
> Confidentiality Notice: This email (including any attachment) is
intended for internal use only. Any unauthorized use, dissemination or
copying of the content is prohibited. If you are not the intended
recipient and have received this e-mail in error, please notify the
sender by email and delete this email and any attachment.
>
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279p4677281.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXH+X6AAoJENNXIZxhPexG6Y4IAJuMLCthWf0MPkuWRuCaIySC
DZ12K5UXb/CU4tFBaHRIwCOAUavrwqb4NpZ2pdAZuBjbQPijc2WUwnLQGIuffHqo
1Z7NTkAgt28ioYXv7s/p1BOFKGFKCg98xioEPs02Zr806k7sH2IyMRWUYoO3ZJrg
abYtxLUAzZMP0zDNxF+Fz01YOwcy35yOXZQlKjihWoGYtYmzRztLzG/DUcNKQ3oL
v2eFM8n0B3+/0BR9SKQLFDFNyRjRnoU8YUxAFWwbBLLRgl8tTKrAmFm2RvqI66S5
1ovX4ixJZ0qvPaRqE7bgiAzvdR88cy0hrgEhBAbVnVVkWq5HyQ8NX2kr/AVZPiM=
=2sqc
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/a9ea1585/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/a9ea1585/attachment-0001.key>