[squid-users] help for my intercept proxy setup
Yuri Voinov
yvoinov at gmail.com
Tue Apr 26 21:57:21 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Show WCCP section of yout squid.conf please.
27.04.16 3:05, maileh пишет:
> Hi
> Here is my router wccp config
> In global config i enable ip wccp
> #ip wccp web-cache redirect-list WCCP_HTTP
> #ip wccp 70 redirect-list WCCP_HTTPS
> Interface facing my Clients and also Squid is in the same subnet
>
> int g0/0.904
> ip wccp web-cache redirect out
> ip wccp 70 redirect out.
>
> Verification
>
> #sh ip wccp sum
> WCCP version 2 enabled, 2 services
>
> Service Clients Routers Assign Redirect Bypass
> ------- ------- ------- ------ -------- ------
> Default routing table (Router Id: x.x.x.x):
> web-cache 1 1 HASH GRE GRE
> 70 1 1 HASH GRE GRE
>
> #sh tunnel groups wccp
> WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
> intf: Tunnel2, locally sourced
> WCCP : service group 326 in "Default", ver v2, assgnmnt: hash-table
> intf: Tunnel0, locally sourced
>
> #sh adjacency tunnel 0 detail
> Protocol Interface Address
> IP Tunnel0 10.240.0.30(3)
> connectionid 1
> 0 packets, 0 bytes
> epoch 0
> sourced in sev-epoch 31
> Encap length 28
> 4500000000000000FF2FC732CA861F08
> 0AF0001E0000883E01460000
> Tun endpt
> Next chain element:
> IP adj out of GigabitEthernet0/0.904,
> addr 10.240.0.30
> #sh adjacency tunnel 2 detail
> Protocol Interface Address
> IP Tunnel2 10.240.0.30(3)
> connectionid 1
> 0 packets, 0 bytes
> epoch 0
> sourced in sev-epoch 32
> Encap length 28
> 4500000000000000FF2FC732CA861F08
> 0AF0001E0000883E00000000
> Tun endpt
> Next chain element:
> IP adj out of GigabitEthernet0/0.904,
> addr 10.240.0.30
> #sh ip wccp web-cache detail
> WCCP Client information:
> WCCP Client ID: 10.240.0.30
> Protocol Version: 2.0
> State: Usable
> Redirection: GRE
> Packet Return: GRE
> Assignment: HASH
> Initial Hash Info: 00000000000000000000000000000000
> 00000000000000000000000000000000
> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> Hash Allotment: 256 (100.00%)
> Packets s/w Redirected: 0
> Connect Time: 00:08:42
> GRE Bypassed Packets
> Process: 0
> CEF: 0
> Errors: 0
> If you can see all seems to be established between the router and
squid box
> but no PACKET has been redirected.
> For my IOS
> ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
>
> It's been over two weeks now and i seems to looking everywhere but no
luck.
> Also here is my iptables rules for you info whch run on ubuntu 14.04 with
> squid
>
> # squid -v
> Squid Cache: Version 3.5.16
> Service Name: squid
> Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC Production
> configure options: '--prefix=/usr/local' '--enable-translation'
> '--enable-external-acl-helpers=none'
'--enable-storeio=ufs,aufs,diskd,rock'
> '--enable-removal-policies=lru,heap' '--enable-wccp2'
> '--enable-follow-x-forwarded-for' '--enable-cache-digests'
> '--enable-auth-negotiate=none' '--disable-auth-digest'
'--disable-auth-ntlm'
> '--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
> '--enable-log-daemon-helpers=file' '--with-openssl=/usr/local'
> '--enable-ssl' '--enable-ssl-crtd' '--enable-zph-qos' '--enable-snmp'
> '--enable-inline' '--with-dl'
'--with-build-environment=POSIX_V6_LP64_OFF64'
> 'CFLAGS=-O3 -m64 -pipe' 'CXXFLAGS=-O3 -m64 -pipe'
> 'LIBOPENSSL_CFLAGS=-I/usr/local/include'
> 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
'--disable-strict-error-checking'
>
'--enable-build-info=Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC
> Production'
> IPtables Rules for redirection to squid ports
> -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
3127
> -A PREROUTING -i wccp0 -p tcp -m tcp --dport 443 -j REDIRECT
--to-ports 3129
> -A POSTROUTING -j MASQUERADE
>
>
> Appreciate you kind asistance ....
> hanks in advance
> Maile
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXH+RBAAoJENNXIZxhPexG174H/3r5IBojH3EKdMCMknRQjwD3
RVrM29M9K3VQX4U2UXj8RVYoBWju+X4NQDtDn/k21Zd3albE/L9bFP0fmPEMb1z1
r0hPUoskPBFqXXYUp6NZ4Yi8TNbbvgvbJ1tGWeMdPWaoE/qvv1tqAKBHeGCCcM2A
P67chV8418cUsTqRyOYCKF9ad4fj1FobWRr9/o826PQ+azCVN0xDD3BjswB8DAzE
i+ZCHCIAEOyCwis84nFb2EqvKGnlqN64WrOkJ6IkFHKxuWg8PTqWnj+NZmMuzhkf
VsMvKrVxd/w9Eh1T6xW0CGfxG/B9V8bCXId0ez0NPyLr/H7kiFqYPNlWZyzCBIw=
=G5AM
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/7d74fd32/attachment.key>
More information about the squid-users
mailing list