Date: Thu, 15 Mar 2012 20:58:26 +0800
From: Ahmad Faisal <ded1@MyBSD.org.my>
To: freebsd-questions@freebsd.org
Subject: Problem with FreeBSD working with squid and WCCPv2 Cisco 6500 series
Message-ID: <4F61E772.9060806@MyBSD.org.my>
In-Reply-To: <4F61E61E.9080109@MyBSD.org.my>
References: <4F61E61E.9080109@MyBSD.org.my>

Hi,

I have some queries and would like to ask anyone on squid with a cisco catalyst 6500 switch with wccpv2.

My setup:
- squid2.7-stable9 on freebsd 7.2-RELEASE
- cisco switch catalyst 6500 with ios 12.2(33)SXJ1

                     Internet
                        |
                        |
                    ---------  Cisco FWSM firewall
                        |
                        |
                        |
                        |
                        |
    cisco switch catalyst 6500 (Core switch) 10.4.10.1
  DMZ Segment  |                    |
               |                    |  Internal LAN (10.0.0.0/8)
               |                    |
               |                    |
           Squid box               User
        (202.188.244.8)

FreeBSD conf :
------------------------

ifconfig gre0
-------------
gre0: flags=d051<UP,POINTOPOINT,RUNNING,LINK0,LINK2,MULTICAST> metric 0 mtu 1476
        tunnel inet 202.188.244.8 --> 10.4.10.1
        inet 202.188.244.8 --> 192.168.249.2 netmask 0xffffffff

ipnat rules:
----------------
rdr bce0 0.0.0.0/0 port 80 -> 202.188.244.8 port 7788
rdr bce0 0.0.0.0/0 port 443 -> 202.188.244.8 port 7788
rdr gre0 0.0.0.0/0 port 80 -> 202.188.244.8 port 7788
rdr gre0 0.0.0.0/0 port 443 -> 202.188.244.8 port 7788

ipf rules:
-------------
pass in log first on gre0 all
pass out log first on gre0 all
pass in log first on bce0 all
pass out log first on bce0 all

/etc/rc.conf
-----------------
ifconfig_bce0="inet 202.188.244.8 netmask 255.255.255.0"
cloned_interfaces="gre0"
ifconfig_gre0="inet 202.188.244.8 192.168.249.2 netmask 255.255.255.255 link2 tunnel 202.188.244.8 10.4.10.1 up"

sysctl.conf
--------------
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 1

squid.conf
-------------------
wccp2_router 10.4.10.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_address 0.0.0.0
wccp2_assignment_method 1

Cisco 6500 output:
-------------------
#show ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier:                   192.168.250.2
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        3799
          Process:                           0
          CEF:                               3799
        Redirect access-list:                120
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            382
        Group access-list:                   20
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

#show ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          202.188.244.8
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             GRE
        Packet Return:           GRE
        Assignment:              HASH
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                                 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  3139
        Connect Time:            00:48:27
        Bypassed Packets
          Process:               0
          CEF:                   0
          Errors:                0

squid cache log:

2012/03/14 19:31:51| wccp2HereIam: sending to service id 0
2012/03/14 19:31:51| Sending HereIam packet size 144
2012/03/14 19:31:51| Incoming WCCPv2 I_SEE_YOU length 132.
2012/03/14 19:31:51| Complete packet received
2012/03/14 19:31:51| Incoming WCCP2_I_SEE_YOU Received ID old=1591 new=1592.
2012/03/14 19:31:51| Cleaning out cache list

Cisco 6500 debug message:

*Mar 14 18:53:43.291: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:53:43.291: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 000005F4
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:53:53.291: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 000005F5
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:54:03.295: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 000005F6

1. User can go to the internet - if proxy ip is set in their browser
2. User cannot go to the internet - if proxy ip is not set in the browser
3. squid didn't log any client access (access.log) - if they don't set it in their browser
4. squid cache.log can see cisco 6500 & squid box communicate (refer to the log above)

Appreciate your suggestion / feedback / tips.

Thanks.