FreeBSD 6.x / GRE / WCCP / Squid
- From: Alan Garfield <alan@xxxxxxxxxxxxx>
- Date: Tue, 06 Dec 2005 10:31:13 +1100
Hi all,
I'm hoping someone can shed some light on what's going wrong with my
setup. I've searched high and low for a solution, but I've only found
old posts talking about FreeBSD 4.x and not the later versions (nor do
any of the suggestions make any difference).
I'm trying to setup WCCP on our Cisco 1840 router. I have a DMZ with a
squid server listening on port 8080. I have got the gre0 tunnel setup
between the router with link1 option set, I can see the gre packets
coming from the router and appearing on the gre0 interface via tcpdump,
I can see the packets hitting my fwd rule in ipfw via the security log,
but I never see any traffic on the lo0 or anything hitting squid.
It seems like the packets are getting eaten after the forward. Plus I've
also noticed that the encapsulated packets appear to be going 'out' my
Ethernet interface back to the default route, even though they have been
forwarded.
An example of my setup is :-
Net
|
|
--------- Cisco --------
| |
| |
DMZ LAN Internal LAN
| |
| |
Squid Host
Network :
------------------------
Net: 192.168.20.0/30
DMZ: 192.168.10.0/24
Internal: 192.168.1.0/24
Cisco Ext: 192.168.20.1
Cisco DMZ: 192.168.10.1
Cisco Internal: 192.168.1.1
Squid: 192.168.10.66
Host: 192.168.1.99
Cisco conf extract :
------------------------
ip wccp version 1
ip wccp web-cache redirect-list 109
!
interface Serial0/0/0:0.1 point-to-point
ip wccp web-cache redirect out
!
access-list 109 permit ip 192.168.1.0 0.0.0.255 any
access-list 109 deny ip any any
FreeBSD conf :
------------------------
ifconfig gre0
-------------
gre0: flags=b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST> mtu 1476
tunnel inet 192.168.10.66 --> 192.168.10.1
inet6 fe80::2e0:18ff:feb7:a79c%gre0 prefixlen 64 scopeid 0x4
inet 192.168.10.66 --> 10.20.30.40 netmask 0xffffffff
ipfw list
---------
00010 allow gre from any to any frag
00020 allow log tcp from any to any dst-port 80
00050 fwd 127.0.0.1,8080 tcp from 192.168.1.0/24 to any dst-port 80
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
rc.conf
-------
gateway_enable="YES"
ifconfig_fxp0="inet 192.168.10.66 netmask 255.255.255.0"
defaultrouter="192.168.10.1"
squid_enable="YES"
Any help or suggestions would be greatly appreciated.
Thanks,
Alan.
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: FreeBSD 6.x / GRE / WCCP / Squid
- From: Cezar Fistik
- Re: FreeBSD 6.x / GRE / WCCP / Squid
- Prev by Date: Re: Too many files crashing services
- Next by Date: Re: cp/mv/etc : argument list too long ... I am sick of this
- Previous by thread: cp/mv/etc : argument list too long ... I am sick of this
- Next by thread: Re: FreeBSD 6.x / GRE / WCCP / Squid
- Index(es):
Relevant Pages
|
