[squid-users] help for my intercept proxy setup
Yuri Voinov
yvoinov at gmail.com
Tue Apr 26 22:07:14 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note this:
# TAG: wccp2_forwarding_method
# WCCP2 allows the setting of forwarding methods between the
# router/switch and the cache. Valid values are as follows:
#
# gre - GRE encapsulation (forward the packet in a GRE/WCCP tunnel)
# l2 - L2 redirect (forward the packet using Layer 2/MAC rewriting)
#
# Currently (as of IOS 12.4) cisco routers only support GRE.
# Cisco switches only support the L2 redirect assignment method.
#Default:
# wccp2_forwarding_method gre
iOS 15.x has switch functionality. As by as most Sicso's modern routers:
scilla#sho cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
Gig 0/1 152 R B S CISCO2901 Gig 0/1
27.04.16 4:01, Maile Halatuituia пишет:
> wccp2_router 10.240.0.254
> wccp_version 4
> wccp2_forwarding_method gre
> wccp2_return_method gre
> wccp2_rebuild_wait off
> wccp2_assignment_method hash
> wccp2_service standard 0
> wccp2_service dynamic 70
> wccp2_service_info 70 protocol=tcp
flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=240
ports=443,80
> always_direct allow all
> thanks
> ________________________________________
> From: squid-users <squid-users-bounces at lists.squid-cache.org> on
behalf of Yuri Voinov <yvoinov at gmail.com>
> Sent: Wednesday, April 27, 2016 10:57 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] help for my intercept proxy setup
>
> Show WCCP section of yout squid.conf please.
>
>
> 27.04.16 3:05, maileh пишет:
> > Hi
> > Here is my router wccp config
> > In global config i enable ip wccp
> > #ip wccp web-cache redirect-list WCCP_HTTP
> > #ip wccp 70 redirect-list WCCP_HTTPS
> > Interface facing my Clients and also Squid is in the same subnet
>
> > int g0/0.904
> > ip wccp web-cache redirect out
> > ip wccp 70 redirect out.
>
> > Verification
>
> > #sh ip wccp sum
> > WCCP version 2 enabled, 2 services
>
> > Service Clients Routers Assign Redirect Bypass
> > ------- ------- ------- ------ -------- ------
> > Default routing table (Router Id: x.x.x.x):
> > web-cache 1 1 HASH GRE GRE
> > 70 1 1 HASH GRE GRE
>
> > #sh tunnel groups wccp
> > WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
> > intf: Tunnel2, locally sourced
> > WCCP : service group 326 in "Default", ver v2, assgnmnt: hash-table
> > intf: Tunnel0, locally sourced
>
> > #sh adjacency tunnel 0 detail
> > Protocol Interface Address
> > IP Tunnel0 10.240.0.30(3)
> > connectionid 1
> > 0 packets, 0 bytes
> > epoch 0
> > sourced in sev-epoch 31
> > Encap length 28
> > 4500000000000000FF2FC732CA861F08
> > 0AF0001E0000883E01460000
> > Tun endpt
> > Next chain element:
> > IP adj out of
GigabitEthernet0/0.904,
> > addr 10.240.0.30
> > #sh adjacency tunnel 2 detail
> > Protocol Interface Address
> > IP Tunnel2 10.240.0.30(3)
> > connectionid 1
> > 0 packets, 0 bytes
> > epoch 0
> > sourced in sev-epoch 32
> > Encap length 28
> > 4500000000000000FF2FC732CA861F08
> > 0AF0001E0000883E00000000
> > Tun endpt
> > Next chain element:
> > IP adj out of
GigabitEthernet0/0.904,
> > addr 10.240.0.30
> > #sh ip wccp web-cache detail
> > WCCP Client information:
> > WCCP Client ID: 10.240.0.30
> > Protocol Version: 2.0
> > State: Usable
> > Redirection: GRE
> > Packet Return: GRE
> > Assignment: HASH
> > Initial Hash Info: 00000000000000000000000000000000
> > 00000000000000000000000000000000
> > Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > Hash Allotment: 256 (100.00%)
> > Packets s/w Redirected: 0
> > Connect Time: 00:08:42
> > GRE Bypassed Packets
> > Process: 0
> > CEF: 0
> > Errors: 0
> > If you can see all seems to be established between the router and
> squid box
> > but no PACKET has been redirected.
> > For my IOS
> > ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
>
> > It's been over two weeks now and i seems to looking everywhere but no
> luck.
> > Also here is my iptables rules for you info whch run on ubuntu 14.04
with
> > squid
>
> > # squid -v
> > Squid Cache: Version 3.5.16
> > Service Name: squid
> > Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC Production
> > configure options: '--prefix=/usr/local' '--enable-translation'
> > '--enable-external-acl-helpers=none'
> '--enable-storeio=ufs,aufs,diskd,rock'
> > '--enable-removal-policies=lru,heap' '--enable-wccp2'
> > '--enable-follow-x-forwarded-for' '--enable-cache-digests'
> > '--enable-auth-negotiate=none' '--disable-auth-digest'
> '--disable-auth-ntlm'
> > '--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
> > '--enable-log-daemon-helpers=file' '--with-openssl=/usr/local'
> > '--enable-ssl' '--enable-ssl-crtd' '--enable-zph-qos' '--enable-snmp'
> > '--enable-inline' '--with-dl'
> '--with-build-environment=POSIX_V6_LP64_OFF64'
> > 'CFLAGS=-O3 -m64 -pipe' 'CXXFLAGS=-O3 -m64 -pipe'
> > 'LIBOPENSSL_CFLAGS=-I/usr/local/include'
> > 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
> '--disable-strict-error-checking'
>
>
'--enable-build-info=Intercept/WCCPv2/LibreSSL/CRTD/(A)UFS/DISKD/ROCK/eCAP/64/GCC
> > Production'
> > IPtables Rules for redirection to squid ports
> > -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
> 3127
> > -A PREROUTING -i wccp0 -p tcp -m tcp --dport 443 -j REDIRECT
> --to-ports 3129
> > -A POSTROUTING -j MASQUERADE
>
>
> > Appreciate you kind asistance ....
> > hanks in advance
> > Maile
>
>
>
> > --
> > View this message in context:
>
http://squid-web-proxy-cache.1019090.n4.nabble.com/help-for-my-intercept-proxy-setup-tp4677279.html
> > Sent from the Squid - Users mailing list archive at Nabble.com.
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
> Confidentiality Notice: This email (including any attachment) is
intended for internal use only. Any unauthorized use, dissemination or
copying of the content is prohibited. If you are not the intended
recipient and have received this e-mail in error, please notify the
sender by email and delete this email and any attachment.
> Confidentiality Notice: This email (including any attachment) is
intended for internal use only. Any unauthorized use, dissemination or
copying of the content is prohibited. If you are not the intended
recipient and have received this e-mail in error, please notify the
sender by email and delete this email and any attachment.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXH+aSAAoJENNXIZxhPexGKQMH/j/cG/jTnbol7r83SbVMUs7t
FO8S98Hx+Sq79Hbfs8EJUxpNPG0k7y7HnvgJEbGSbU/Rn31neJ1/vzU/a+zmVdEs
5JiLkDXYueBvwvf9kapY24tXcspeEDKi1UkHIDDwyR79yA9il5CCxb1sTNWNKWVp
IkBkkmbsVpD1FO1pPB6hF8U8zZe6E9WI2drCguNvqJSsMY/a9ByrhcEbODDMxQBR
D3UyxzwVgm+QnKIFuyc+Adxf0fTAakqzk1KIreCAfmethBZ7TYtA/8TSHo+gzmri
JWXjrquqd7pxfLHdOzWjfIJm6vXUMsi7RcHPwP2SWbsx15dGyoEkVxz2U1rwArE=
=3K52
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/6fafcb38/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/6fafcb38/attachment.key>
More information about the squid-users
mailing list