[squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16
Amos Jeffries
squid3 at treenet.co.nz
Wed May 9 05:15:03 UTC 2018
On 09/05/18 16:59, Ilias Clifton wrote:
>
> Hi Alex,
>
> On the wccp0 interface I only see traffic arriving in 1 direction - original client ip to destination ip.
>
> The ubuntu box only has a single ethernet interface - Sorry, that should have been in my original question. I see the gre traffic arriving from the router, but again - no response.
>
> I tried adding a MASQUERADE line to the iptables rules, just to see if it made a difference.. but same result.
>
The MASQUERADE (or an equivalent SNAT) on the reply traffic going from
Squid back to the router is *definitely* needed to balance the REDIRECT
rule. Otherwise the router will reject or mishandle packets Squid sends
over the gre when you do get that part working.
>
> Sent: Wednesday, May 09, 2018 at 2:37 PM
> From: "Alex K"
>
> When I try and browse to a site from a client..
> $ wget http://www.google.com[http://www.google.com]
>
> On the Ubuntu box, I see gre traffic on the ethernet interface..
> 00:44:22.340734 IP 172.28.28.33 > 172.28.28.252[http://172.28.28.252]: GREv0, length 72: gre-proto-0x883e
>
>
> I see the un-encapsulated traffic on the wccp0 interface:
> 00:56:26.888519 IP 172.28.29.4.52128 > 216.58.203.100.80
>
> Which is correctly showing original client IP and destination IP.
>
> I can see hits on the iptable redirect rule:
> pkts bytes target prot opt in out source destination
> 429 26280 REDIRECT tcp -- wccp0 any anywhere anywhere tcp dpt:http redir ports 3129
>
>
> But there is no response from squid on the Ubuntu box :-(
Is there outbound Squid<->server traffic happening? and what does that
look like?
Amos
More information about the squid-users
mailing list