From owner-freebsd-questions@FreeBSD.ORG Fri Oct 27 09:20:22 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B34F416A403 for ; Fri, 27 Oct 2006 09:20:22 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18EF743D46 for ; Fri, 27 Oct 2006 09:20:21 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by nf-out-0910.google.com with SMTP id p77so1223564nfc for ; Fri, 27 Oct 2006 02:20:20 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=VM0d5qLJrHTDpPUHndSFmPo9SLc1n59ryI4ImMb7200egOVNjhdP66Zr3dZ2PWixqPXTtpQNRjz8sXoeYyYJszj1sQwpOSSI9d8QV86ufmm2kuI0NRepGn6AtJ2URDViqlkIaCKfRrHp6fdXfbosDhEXqbksL6CtQI5hGiNkg3w= Received: by 10.78.204.7 with SMTP id b7mr3517444hug; Fri, 27 Oct 2006 02:20:20 -0700 (PDT) Received: by 10.78.167.16 with HTTP; Fri, 27 Oct 2006 02:20:20 -0700 (PDT) Message-ID: Date: Fri, 27 Oct 2006 13:20:20 +0400 From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Alan Garfield" In-Reply-To: <1161932589.3003.3.camel@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1161932589.3003.3.camel@localhost.localdomain> X-Google-Sender-Auth: 0a718f6f3f6999c0 Cc: FreeBSD Questions Subject: Re: Squid2.6/WCCP2/GRE X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Oct 2006 09:20:22 -0000 On 10/27/06, Alan Garfield wrote: > Hey guys, > > I'm hoping someone will have a configuration of the following they can > share as I'm pulling my hair out here trying to get this to work. Sure :-) * squid runs at X.X.5.76 * wccp2 runs at C2800 with multiple addresses, X.X.5.66 and X.X.78.241 among them * X.X.5.66 is in the same subnet with squid, so we send wccp2 notifications from squid there * X.X.78.241 gets chosen by IOS as Router Identifier, so we have to configure it as the gre tunnel remote endpoint * 172.X.X.X are deliberately non-existent, they are just place holders =========================== squid.conf: wccp2_router X.X.5.66 wccp2_address X.X.5.76 =========================== rc.firewall: ipfw add fwd 127.0.0.1,3128 tcp from any to not me dst-port \ 80-82,8080-8083,3128,8007,8022 not uid squid =========================== rc.conf: ifconfig_eth0="inet X.X.5.76/27" ifconfig_gre0="inet 172.10.20.30/32 172.10.20.31 link0 \ link2 tunnel X.X.5.76 X.X.78.241 up" =========================== br2#sh run | incl wccp ip wccp web-cache redirect-list guys_to_cache ip wccp web-cache redirect out =========================== br2#sh ip wccp Global WCCP information: Router information: Router Identifier: X.X.78.241 Protocol Version: 2.0 =========================== Service Identifier: web-cache Number of Cache Engines: 1 Number of routers: 1 Total Packets Redirected: 1208456314 Process: 559 Fast: 0 CEF: 1208455755 Redirect access-list: guys_to_cache Total Packets Denied Redirect: 65691876 Total Packets Unassigned: 816778 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 ===========================