Help using freebsd 5.0 + squid + wccp + cisco ios
I have done everything in this manual:
1. You need to build a kernel with the following options:
options IPFIREWALL
options IPFIREWALL_FORWARD
Next, it's time to configure the IP firewall rules with ipfw. By default, there are no "allow" rules and all packets are denied. I added these commands to /etc/rc.local just to be able to use the machine on my network:
ipfw add 60000 allow all from any to any
But we're still not hijacking connections. To accomplish that, add these rules:
ipfw add 49 allow tcp from 10.0.3.22 to any
ipfw add 50 fwd 127.0.0.1 tcp from any to any 80
The second line (rule 50) is the one which hijacks the connection. The first line makes sure we never hit rule 50 for traffic originated by the local machine. This prevents forwarding loops.
Note that I am not changing the port number here. That is, port 80 packets are simply diverted to Squid on port 80. My Squid configuration is:
http_port 80
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
2. FreeBSD-4.8 and later
The operating system now comes standard with some GRE support. You need to make a kernel with the GRE code enabled:
pseudo-device gre
And then configure the tunnel so that the router's GRE packets are accepted:
# ifconfig gre0 create
# ifconfig gre0 $squid_ip $router_ip netmask 255.255.255.255 up
# ifconfig gre0 tunnel $squid_ip $router_ip
# route delete $router_ip
Alternatively, you can try it like this:
ifconfig gre0 create
ifconfig gre0 $squid_ip 10.20.30.40 netmask 255.255.255.255 link1 tunnel $squid_ip $router_ip up
Since the WCCP/GRE tunnel is one-way, Squid never sends any packets to 10.20.30.40 and that particular address doesn't matter.
I have put all the gre tunnel configurations in a startup script, rc.local.
When I started squid, the cache.log file had the following messages:
2004/07/26 18:23:56| Starting Squid Cache version 2.5.STABLE1 for i386-portbld-freebsd5.0...
2004/07/26 18:23:56| Process ID 453
2004/07/26 18:23:56| With 7293 file descriptors available
2004/07/26 18:23:56| Performing DNS Tests...
2004/07/26 18:23:56| Successful DNS name lookup tests...
2004/07/26 18:23:56| DNS Socket created at 0.0.0.0, port 49162, FD 5
2004/07/26 18:23:56| Adding nameserver 200.10.152.152 from /etc/resolv.conf
2004/07/26 18:23:56| Unlinkd pipe opened on FD 10
2004/07/26 18:23:56| Swap maxSize 102400 KB, estimated 7876 objects
2004/07/26 18:23:56| Target number of buckets: 393
2004/07/26 18:23:56| Using 8192 Store buckets
2004/07/26 18:23:56| Max Mem size: 8192 KB
2004/07/26 18:23:56| Max Swap size: 102400 KB
2004/07/26 18:23:56| Rebuilding storage in /usr/local/squid/cache (CLEAN)
2004/07/26 18:23:56| Using Least Load store dir selection
2004/07/26 18:23:56| Current Directory is /usr/local/squid/logs
2004/07/26 18:23:56| Loaded Icons.
2004/07/26 18:24:12| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12.
2004/07/26 18:24:12| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2004/07/26 18:24:12| Accepting SNMP messages on port 3401, FD 14.
2004/07/26 18:24:12| Accepting WCCP messages on port 2048, FD 15.
2004/07/26 18:24:12| Ready to serve requests.
2004/07/26 18:24:12| Done reading /usr/local/squid/cache swaplog (98 entries)
2004/07/26 18:24:12| Finished rebuilding storage from disk.
2004/07/26 18:24:12| 98 Entries scanned
2004/07/26 18:24:12| 0 Invalid entries.
2004/07/26 18:24:12| 0 With invalid flags.
2004/07/26 18:24:12| 98 Objects loaded.
2004/07/26 18:24:12| 0 Objects expired.
2004/07/26 18:24:12| 0 Objects cancelled.
2004/07/26 18:24:12| 0 Duplicate URLs purged.
2004/07/26 18:24:12| 0 Swapfile clashes avoided.
2004/07/26 18:24:12| Took 15.8 seconds ( 6.2 objects/sec).
2004/07/26 18:24:12| Beginning Validation Procedure
2004/07/26 18:24:12| Completed Validation Procedure
2004/07/26 18:24:12| Validated 98 Entries
2004/07/26 18:24:12| store_swap_size = 432k
2004/07/26 18:24:14| storeLateRelease: released 0 objects
I need some help
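Added example (not part of the original post or of the Squid documentation): a small sh check that compares the port an ipfw fwd rule delivers traffic to with the port Squid reports in cache.log. The function names are hypothetical, the sample lines are copied from the post above, and it assumes each fwd rule ends with its destination port.

```shell
#!/bin/sh
# Added example: does the ipfw "fwd" rule deliver intercepted traffic to the
# port Squid is actually listening on? Function names are hypothetical.

# Print the port(s) from Squid's "Accepting HTTP connections" log lines.
squid_http_port() {
    sed -n 's/.*Accepting HTTP connections at [^,]*, port \([0-9][0-9]*\),.*/\1/p'
}

# Print the local port the first fwd rule delivers to.
# "fwd ADDR,PORT" rewrites the port; plain "fwd ADDR" keeps the original
# destination port (assumption: that port is the last word of the rule).
ipfw_fwd_port() {
    awk '{
        for (i = 1; i < NF; i++) if ($i == "fwd") {
            n = split($(i + 1), a, ",")
            if (n == 2) print a[2]; else print $NF
        }
    }' | head -n 1
}

# Usage: check_intercept CACHE_LOG RULES_FILE
# Returns 0 on match, 1 on mismatch, 2 if either port cannot be found.
check_intercept() {
    log_ports=$(squid_http_port < "$1")
    fwd_port=$(ipfw_fwd_port < "$2")
    if [ -z "$log_ports" ] || [ -z "$fwd_port" ]; then
        echo "cannot determine ports"; return 2
    fi
    if echo "$log_ports" | grep -qx "$fwd_port"; then
        echo "OK: fwd rule and Squid both use port $fwd_port"; return 0
    fi
    echo "MISMATCH: ipfw delivers to port $fwd_port, Squid listens on:" $log_ports
    return 1
}

# Demonstration on lines taken from the post.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '2004/07/26 18:24:12| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12.' > "$d/cache.log"
    printf '%s\n' 'ipfw add 49 allow tcp from 10.0.3.22 to any' \
                  'ipfw add 50 fwd 127.0.0.1 tcp from any to any 80' > "$d/rules"
    check_intercept "$d/cache.log" "$d/rules" || true
    rm -rf "$d"
}
demo
```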