From: Ahmad Faisal
Date: Sat, 17 Mar 2012 01:09:21 +0800
To: freebsd-net@freebsd.org
Subject: Problem with FreeBSD working with squid and WCCPv2 Cisco 6500 series

Hi,

I have some query and would like to ask anyone on squid with cisco catalyst 6500 switch with wccpv2.

My setup:
- squid2.7-stable9 on freebsd 7.2-RELEASE
- cisco switch catalyst 6500 with ios 12.2(33)SXJ1

                 Internet
                    |
                    |
                --------- Cisco FWSM firewall
                    |
                    |
                    |
   cisco switch catalyst 6500 (Core switch) 10.4.10.1
   DMZ Segment |              |
               |              | Internal LAN (10.0.0.0/8)
               |              |
               |              |
           Squid box         User
        (202.188.244.8)

FreeBSD conf :
------------------------

ifconfig gre0
-------------
gre0: flags=d051 metric 0 mtu 1476
        tunnel inet 202.188.244.8 --> 10.4.10.1
        inet 202.188.244.8 --> 192.168.249.2 netmask 0xffffffff

ipnat rules:
----------------
rdr bce0 0.0.0.0/0 port 80 -> 202.188.244.8 port 7788
rdr bce0 0.0.0.0/0 port 443 -> 202.188.244.8 port 7788
rdr gre0 0.0.0.0/0 port 80 -> 202.188.244.8 port 7788
rdr gre0 0.0.0.0/0 port 443 -> 202.188.244.8 port 7788

ipf rules:
-------------
pass in log first on gre0 all
pass out log first on gre0 all
pass in log first on bce0 all
pass out log first on bce0 all

/etc/rc.conf
-----------------
ifconfig_bce0="inet 202.188.244.8 netmask 255.255.255.0"
cloned_interfaces="gre0"
ifconfig_gre0="inet 202.188.244.8 192.168.249.2 netmask 255.255.255.255 link2 tunnel 202.188.244.8 10.4.10.1 up"

sysctl.conf
--------------
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 1

squid.conf
-------------------
wccp2_router 10.4.10.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_address 0.0.0.0
wccp2_assignment_method 1

Cisco 6500 output:
-------------------
#show ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier:                   192.168.250.2
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        3799
          Process:                           0
          CEF:                               3799
        Redirect access-list:                120
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            382
        Group access-list:                   20
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

#show ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          202.188.244.8
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             GRE
        Packet Return:           GRE
        Assignment:              HASH
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                                 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  3139
        Connect Time:            00:48:27
        Bypassed Packets
          Process:               0
          CEF:                   0
          Errors:                0

squid cache log:
2012/03/14 19:31:51| wccp2HereIam: sending to service id 0
2012/03/14 19:31:51| Sending HereIam packet size 144
2012/03/14 19:31:51| Incoming WCCPv2 I_SEE_YOU length 132.
2012/03/14 19:31:51| Complete packet received
2012/03/14 19:31:51| Incoming WCCP2_I_SEE_YOU Received ID old=1591 new=1592.
2012/03/14 19:31:51| Cleaning out cache list

Cisco 6500 debug message:
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:53:43.291: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 000005F4
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:53:53.291: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 000005F5
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:54:03.295: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 000005F6

1. User can go to the internet - if proxy ip set in their browser
2. User cannot go to internet - if proxy ip is not set in the browser
3. squid didn't log any client access (access.log) - if they don't set in their browser
4. squid cache.log can see cisco 6500 & squid box communicate (refer above log)

Appreciate your suggestion / feedback / tips.

Thanks.