LinuxQuestions.org
Old 07-27-2004, 11:19 AM   #1
nazzymac
Help using freebsd 5.0 + squid + wccp + cisco ios


I have done everything in this manual


1 You need to build a kernel with the following options:
options IPFIREWALL
options IPFIREWALL_FORWARD
Next, it's time to configure the IP firewall rules with ipfw. By default, there are no "allow" rules and all packets are denied. I added these commands to /etc/rc.local just to be able to use the machine on my network:
ipfw add 60000 allow all from any to any
But we're still not hijacking connections. To accomplish that, add these rules:
ipfw add 49 allow tcp from 10.0.3.22 to any
ipfw add 50 fwd 127.0.0.1 tcp from any to any 80
The second line (rule 50) is the one which hijacks the connection. The first line makes sure we never hit rule 50 for traffic originated by the local machine. This prevents forwarding loops.
Note that I am not changing the port number here. That is, port 80 packets are simply diverted to Squid on port 80. My Squid configuration is:
http_port 80
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

2. FreeBSD-4.8 and later
The operating system now comes standard with some GRE support. You need to make a kernel with the GRE code enabled:
pseudo-device gre
And then configure the tunnel so that the router's GRE packets are accepted:
# ifconfig gre0 create
# ifconfig gre0 $squid_ip $router_ip netmask 255.255.255.255 up
# ifconfig gre0 tunnel $squid_ip $router_ip
# route delete $router_ip
Alternatively, you can try it like this:
ifconfig gre0 create
ifconfig gre0 $squid_ip 10.20.30.40 netmask 255.255.255.255 link1 tunnel $squid_ip $router_ip up
Since the WCCP/GRE tunnel is one-way, Squid never sends any packets to 10.20.30.40 and that particular address doesn't matter.

I have put all the GRE tunnel configurations in a startup script, rc.local.

When I start Squid, the cache.log file has the following messages:
2004/07/26 18:23:56| Starting Squid Cache version 2.5.STABLE1 for i386-portbld-freebsd5.0...
2004/07/26 18:23:56| Process ID 453
2004/07/26 18:23:56| With 7293 file descriptors available
2004/07/26 18:23:56| Performing DNS Tests...
2004/07/26 18:23:56| Successful DNS name lookup tests...
2004/07/26 18:23:56| DNS Socket created at 0.0.0.0, port 49162, FD 5
2004/07/26 18:23:56| Adding nameserver 200.10.152.152 from /etc/resolv.conf
2004/07/26 18:23:56| Unlinkd pipe opened on FD 10
2004/07/26 18:23:56| Swap maxSize 102400 KB, estimated 7876 objects
2004/07/26 18:23:56| Target number of buckets: 393
2004/07/26 18:23:56| Using 8192 Store buckets
2004/07/26 18:23:56| Max Mem size: 8192 KB
2004/07/26 18:23:56| Max Swap size: 102400 KB
2004/07/26 18:23:56| Rebuilding storage in /usr/local/squid/cache (CLEAN)
2004/07/26 18:23:56| Using Least Load store dir selection
2004/07/26 18:23:56| Current Directory is /usr/local/squid/logs
2004/07/26 18:23:56| Loaded Icons.
2004/07/26 18:24:12| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12.
2004/07/26 18:24:12| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2004/07/26 18:24:12| Accepting SNMP messages on port 3401, FD 14.
2004/07/26 18:24:12| Accepting WCCP messages on port 2048, FD 15.
2004/07/26 18:24:12| Ready to serve requests.
2004/07/26 18:24:12| Done reading /usr/local/squid/cache swaplog (98 entries)
2004/07/26 18:24:12| Finished rebuilding storage from disk.
2004/07/26 18:24:12| 98 Entries scanned
2004/07/26 18:24:12| 0 Invalid entries.
2004/07/26 18:24:12| 0 With invalid flags.
2004/07/26 18:24:12| 98 Objects loaded.
2004/07/26 18:24:12| 0 Objects expired.
2004/07/26 18:24:12| 0 Objects cancelled.
2004/07/26 18:24:12| 0 Duplicate URLs purged.
2004/07/26 18:24:12| 0 Swapfile clashes avoided.
2004/07/26 18:24:12| Took 15.8 seconds ( 6.2 objects/sec).
2004/07/26 18:24:12| Beginning Validation Procedure
2004/07/26 18:24:12| Completed Validation Procedure
2004/07/26 18:24:12| Validated 98 Entries
2004/07/26 18:24:12| store_swap_size = 432k
2004/07/26 18:24:14| storeLateRelease: released 0 objects
I need some help
 
Old 07-27-2004, 03:11 PM   #2
newpenguin
Squid is running on port 3128.
Change your http_port to 3128,

as your cache.log is telling:

2004/07/26 18:24:12| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12.

now on ipfw

ipfw add 100 allow ip from 10.0.3.22 to any keep-state
ipfw add 200 fwd 10.0.3.22,3128 tcp from any to any 80
ipfw add 6000 allow ip from any to any

rule 200 will forward all 80 packets to port 3128.

Verify through
ipfw show

whether packets are hitting the rules or not. If packets are not hitting the first 2 rules, then check your WCCP/GRE tunnel settings.
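
An added example, not part of either post: a shell check for the mismatch this reply points out, comparing the port on Squid's "Accepting HTTP connections" line in cache.log with the port an ipfw fwd rule delivers intercepted traffic to. The log lines and rules are copied from the thread as constructed sample input, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): does the ipfw fwd rule deliver
# intercepted port-80 traffic to the port Squid is actually listening on?

# Constructed sample inputs, modelled on the lines quoted in this thread.
SAMPLE_LOG='2004/07/26 18:24:12| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12.
2004/07/26 18:24:12| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.'
RULE_POST1='ipfw add 50 fwd 127.0.0.1 tcp from any to any 80'
RULE_POST2='ipfw add 200 fwd 10.0.3.22,3128 tcp from any to any 80'

# Read cache.log text on stdin, print the last HTTP listening port seen.
squid_http_port() {
    sed -n 's/.*Accepting HTTP connections at [^,]*, port \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Print the port a fwd rule delivers to. "fwd ip,port" names it explicitly.
# Plain "fwd ip" leaves the packet's port unchanged (as the quoted manual
# notes), so the effective port is the one matched after "to <addr>".
fwd_target_port() {
    rule=$1
    case $rule in *"fwd "*) ;; *) return 1 ;; esac
    target=${rule#*fwd }
    target=${target%% *}
    case $target in
        *,*) echo "${target#*,}" ;;
        *)   rest=${rule##* to }   # e.g. "any 80"
             set -- $rest
             echo "$2" ;;
    esac
}

# Print a verdict; return 0 on match, 1 on mismatch, 2 if not a fwd rule.
check_intercept() {
    rule=$1; log=$2
    listen=$(printf '%s\n' "$log" | squid_http_port)
    target=$(fwd_target_port "$rule") || { echo "no fwd rule"; return 2; }
    if [ -n "$listen" ] && [ "$listen" = "$target" ]; then
        echo "match: fwd -> $target, squid on $listen"
    else
        echo "mismatch: fwd -> ${target:-unknown}, squid on ${listen:-unknown}"
        return 1
    fi
}

check_intercept "$RULE_POST1" "$SAMPLE_LOG" || true   # rule from post #1
check_intercept "$RULE_POST2" "$SAMPLE_LOG" || true   # rule from post #2
```

On a live host, feed the real cache.log to squid_http_port and pass the rule text as it appears in your startup script.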
 
  

