Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 06 Dec 2005 10:31:13 +1100
From:      Alan Garfield <alan@fromorbit.com>
To:        freebsd-questions@freebsd.org
Subject:   FreeBSD 6.x / GRE / WCCP / Squid
Message-ID:  <1133825473.2882.22.camel@random.fromorbit.com>

next in thread | raw e-mail | index | archive | help
Hi all,

I'm hoping someone can shed some light on what's going wrong with my
setup. I've searched high and low for a solution, but I've only found
old posts talking about FreeBSD 4.x and not the later versions (nor do
any of the suggestions make any difference).

I'm trying to setup WCCP on our Cisco 1840 router. I have a DMZ with a
squid server listening on port 8080. I have got the gre0 tunnel setup
between the router with link1 option set, I can see the gre packets
coming from the router and appearing on the gre0 interface via tcpdump,
I can see the packets hitting my fwd rule in ipfw via the security log,
but I never see any traffic on the lo0 or anything hitting squid.

It seems like the packets are getting eaten after the forward. Plus I've
also noticed that the encapsulated packets appear to be going 'out' my
Ethernet interface back to the default route, even though they have been
forwarded.

An example of my setup is :-

               Net
                |
                |
    --------- Cisco --------
    |                      |
    |                      |
 DMZ LAN               Internal LAN
    |                      |
    |                      |
  Squid                  Host


Network :
------------------------

     Net: 192.168.20.0/30
     DMZ: 192.168.10.0/24
Internal: 192.168.1.0/24

     Cisco Ext: 192.168.20.1
     Cisco DMZ: 192.168.10.1
Cisco Internal: 192.168.1.1

Squid: 192.168.10.66
 Host: 192.168.1.99


Cisco conf extract :
------------------------

ip wccp version 1
ip wccp web-cache redirect-list 109
!
interface Serial0/0/0:0.1 point-to-point
 ip wccp web-cache redirect out
!
access-list 109 permit ip 192.168.1.0 0.0.0.255 any
access-list 109 deny   ip any any


FreeBSD conf :
------------------------

ifconfig gre0
-------------

gre0: flags=b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST> mtu 1476
        tunnel inet 192.168.10.66 --> 192.168.10.1
        inet6 fe80::2e0:18ff:feb7:a79c%gre0 prefixlen 64 scopeid 0x4 
        inet 192.168.10.66 --> 10.20.30.40 netmask 0xffffffff 

ipfw list
---------

00010 allow gre from any to any frag
00020 allow log tcp from any to any dst-port 80
00050 fwd 127.0.0.1,8080 tcp from 192.168.1.0/24 to any dst-port 80
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any

rc.conf
-------

gateway_enable="YES"
ifconfig_fxp0="inet 192.168.10.66 netmask 255.255.255.0"
defaultrouter="192.168.10.1"
squid_enable="YES"


Any help or suggestions would be greatly appreciated.

Thanks,

Alan.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1133825473.2882.22.camel>