From owner-freebsd-net Sat Feb 1 15:49:28 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 983A737B401 for ; Sat, 1 Feb 2003 15:49:26 -0800 (PST) Received: from loops.nilpotent.org (loops.nilpotent.org [12.17.163.70]) by mx1.FreeBSD.org (Postfix) with SMTP id F320E43F3F for ; Sat, 1 Feb 2003 15:49:25 -0800 (PST) (envelope-from silence@nilpotent.org) Received: (qmail 83337 invoked by uid 200); 1 Feb 2003 23:49:23 -0000 Date: Sat, 1 Feb 2003 15:49:23 -0800 From: Faried Nawaz To: freebsd-isp@freebsd.org Cc: freebsd-net@freebsd.org Subject: pseudo-device gre and wccp/squid Message-ID: <20030201234923.GA83216@nilpotent.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.25i Organization: Integral Domains Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Is anyone using the gre pseudo-device with squid for WCCP? Try as I might I can't get it to work for me. I'm using FreeBSD 4.7-STABLE, using ipfilter's ipnat to redirect packets. I've done ifconfig gre0 create ifconfig gre0 aaa.bbb.ccc.ddd fff.ggg.hhh.iii netmask 255.255.255.255 link0 up ifconfig gre0 tunnel aaa.bbb.ccc.ddd fff.ggg.hhh.iii aaa.bbb.ccc.ddd is the web proxy's ip, fff.ggg.hhh.iii is the router's. ipnat.rules has rdr gre0 0.0.0.0/0 port 80 aaa.bbb.ccc.ddd port 8080 tcp ipfilter is set to pass through all traffic, and there are no firewall rules defined. tcpdump on my ethernet interface shows gre packets coming in. 04:07:39.093205 fff.ggg.hhh.iii > aaa.bbb.ccc.ddd: gre gre-proto-0x883E tcpdump on my gre0 interface shows incoming connections from the users, and ipnat -l shows lots of redirects. proxy1# ipnat -l | head List of active MAP/Redirect filters: rdr gre0 0.0.0.0/0 port 80 -> aaa.bbb.ccc.ddd port 8080 tcp List of active sessions: RDR aaa.bbb.ccc.ddd 8080 <- -> 207.44.178.61 80 [203.215.178.61 4122] RDR aaa.bbb.ccc.ddd 8080 <- -> 205.188.250.25 80 [203.215.178.19 1612] RDR aaa.bbb.ccc.ddd 8080 <- -> 66.51.99.157 80 [66.206.32.180 3769] RDR aaa.bbb.ccc.ddd 8080 <- -> 64.94.89.238 80 [203.215.177.248 1172] RDR aaa.bbb.ccc.ddd 8080 <- -> 207.46.104.20 80 [66.206.33.7 1601] proxy1# However, none of them get to squid. Everything worked fine before the upgrade, but I was using the gre patch from squid's web site to do the work. The new pseudo-device appears to have WCCP-specific code in it, but it's not working. Does anyone have this working? Anyone at all? I'm willing to break down and switch to ipfw if that'll help, but I can't upgrade my machines to 4.7 (and higher) properly without a fix. Surely someone has used this since the code was commited. (A hack would be to comment out all code related to the pseudo-device so I can use the wccp-specific gre.c.) Faried. -- The Great GNU has arrived, infidels, behold his wrath ! "If a MOO runs on a port no one accesses, does it run?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message