From: Alan Garfield
To: freebsd-questions@freebsd.org
Date: Tue, 06 Dec 2005 10:31:13 +1100
Message-Id: <1133825473.2882.22.camel@random.fromorbit.com>
Subject: FreeBSD 6.x / GRE / WCCP / Squid

Hi all,

I'm hoping someone can shed some light on what's going wrong with my
setup. I've searched high and low for a solution, but I've only found
old posts talking about FreeBSD 4.x and not the later versions (nor do
any of the suggestions make any difference).

I'm trying to set up WCCP on our Cisco 1840 router. I have a DMZ with a
squid server listening on port 8080.

I have got the gre0 tunnel set up between the router with link1 option
set, I can see the gre packets coming from the router and appearing on
the gre0 interface via tcpdump, I can see the packets hitting my fwd
rule in ipfw via the security log, but I never see any traffic on the
lo0 or anything hitting squid.

It seems like the packets are getting eaten after the forward. Plus I've
also noticed that the encapsulated packets appear to be going 'out' my
Ethernet interface back to the default route, even though they have been
forwarded.

An example of my setup is :-

              Net
               |
               |
   --------- Cisco --------
   |                      |
   |                      |
 DMZ LAN            Internal LAN
   |                      |
   |                      |
 Squid                   Host

Network :
------------------------
Net:            192.168.20.0/30
DMZ:            192.168.10.0/24
Internal:       192.168.1.0/24

Cisco Ext:      192.168.20.1
Cisco DMZ:      192.168.10.1
Cisco Internal: 192.168.1.1

Squid:          192.168.10.66
Host:           192.168.1.99

Cisco conf extract :
------------------------
ip wccp version 1
ip wccp web-cache redirect-list 109
!
interface Serial0/0/0:0.1 point-to-point
 ip wccp web-cache redirect out
!
access-list 109 permit ip 192.168.1.0 0.0.0.255 any
access-list 109 deny ip any any

FreeBSD conf :
------------------------

ifconfig gre0
-------------
gre0: flags=b051 mtu 1476
        tunnel inet 192.168.10.66 --> 192.168.10.1
        inet6 fe80::2e0:18ff:feb7:a79c%gre0 prefixlen 64 scopeid 0x4
        inet 192.168.10.66 --> 10.20.30.40 netmask 0xffffffff

ipfw list
---------
00010 allow gre from any to any frag
00020 allow log tcp from any to any dst-port 80
00050 fwd 127.0.0.1,8080 tcp from 192.168.1.0/24 to any dst-port 80
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any

rc.conf
-------
gateway_enable="YES"
ifconfig_fxp0="inet 192.168.10.66 netmask 255.255.255.0"
defaultrouter="192.168.10.1"
squid_enable="YES"

Any help or suggestions would be greatly appreciated.

Thanks,
Alan.
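
Added example, not part of the original post: ipfw checks rules in numeric order and stops at the first match whose action is terminating (allow, deny, fwd). The Python sketch below is a simplified model of the posted rule set, not ipfw's real matcher, and reports which rule a redirected port-80 packet reaches first and which rules are fully covered by an earlier one. The destination address 203.0.113.10 and the helper names are assumptions made for illustration.

```python
import ipaddress

# Rules from the post's "ipfw list", reduced to the fields this model knows.
RULES = [
    (10,    "allow", {"proto": "gre", "frag": True}),
    (20,    "allow", {"proto": "tcp", "dport": 80}),
    (50,    "fwd 127.0.0.1,8080", {"proto": "tcp", "src": "192.168.1.0/24", "dport": 80}),
    (100,   "allow", {"via": "lo0"}),
    (200,   "deny",  {"dst": "127.0.0.0/8"}),
    (300,   "deny",  {"src": "127.0.0.0/8"}),
    (65000, "allow", {}),
    (65535, "deny",  {}),
]

def matches(cond, pkt):
    """True when every condition present in the rule holds for the packet."""
    for key, want in cond.items():
        if key in ("src", "dst"):
            if ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def first_match(pkt, rules=RULES):
    """Return (number, action) of the first rule matching pkt (first match wins)."""
    for num, action, cond in rules:
        if matches(cond, pkt):
            return num, action
    return None

def shadowed(rules=RULES):
    """Pairs (later, earlier): the earlier rule matches everything the later one does."""
    out = []
    for i, (num, _, cond) in enumerate(rules):
        for prev, _, pcond in rules[:i]:
            if all(cond.get(k) == v for k, v in pcond.items()):
                out.append((num, prev))
                break
    return out

# Constructed sample: a decapsulated HTTP request from the internal host.
PKT = {"proto": "tcp", "src": "192.168.1.99", "dst": "203.0.113.10", "dport": 80, "via": "gre0"}

if __name__ == "__main__":
    print("first match:", first_match(PKT))
    print("shadowed rules:", shadowed())
```

On a live host, the per-rule packet counters printed by `ipfw show` give the same information for real traffic.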