[squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

Amos Jeffries squid3 at treenet.co.nz
Wed May 9 05:15:03 UTC 2018


On 09/05/18 16:59, Ilias Clifton wrote:
> 
>  Hi Alex,
> 
> On the wccp0 interface I only see traffic arriving in 1 direction - original client ip to destination ip.
> 
> The ubuntu box only has a single ethernet interface -  Sorry, that should have been in my original question. I see the gre traffic arriving from the router, but again - no response.
> 
> I tried adding a MASQUERADE line to the iptables rules, just to see if it made a difference.. but same result.
> 

The MASQUERADE (or an equivalent SNAT) on the reply traffic going from
Squid back to the router is *definitely* needed to balance the REDIRECT
rule. Otherwise the router will reject or mishandle packets Squid sends
over the gre when you do get that part working.



> 
> Sent: Wednesday, May 09, 2018 at 2:37 PM
> From: "Alex K"
> 
> When I try and browse to a site from a client..
> $ wget http://www.google.com[http://www.google.com]
> 
> On the Ubuntu box, I see gre traffic on the ethernet interface..
> 00:44:22.340734 IP 172.28.28.33 > 172.28.28.252[http://172.28.28.252]: GREv0, length 72: gre-proto-0x883e
> 
> 
> I see the un-encapsulated traffic on the wccp0 interface:
> 00:56:26.888519 IP 172.28.29.4.52128 > 216.58.203.100.80
> 
> Which is correctly showing original client IP and destination IP.
> 
> I can see hits on the iptable redirect rule:
> pkts bytes target     prot opt in     out     source               destination         
>   429 26280 REDIRECT   tcp  --  wccp0  any     anywhere             anywhere             tcp dpt:http redir ports 3129
> 
> 
> But there is no response from squid on the Ubuntu box :-(

Is there outbound Squid<->server traffic happening? and what does that
look like?

Amos


More information about the squid-users mailing list