Re: Trouble with multiple interfaces and rdr ?




10-03-2003
Carlos G Mendioroz
 

Well,
WCCP is a protocol to redirect http traffic to a cache based on cache
availability.
It has 2 parts, a presence discovery/assurance part (i.e. keep-alive)
and a GRE tunnel via which redirected traffic is sent to cache.

The cache lies somewhere in my network, and doesn't need to go back to
the router to reach the client that wants the page... that's why the
output interface is not the tunnel...

So client sends router an http req,
router sends cache via tunnel (with original IP destination intact)
cache machine receives via tunnel, does NATing of destination via rdr
cache (squid) answers client, but source is cache machine, where it
should be original http server ip.

Going back via the tunnel would need policy routing in the cache
machine, not to break the rest of the traffic when the cache is down.
(And seems to be a less performant option too)

The reason of WCCP using a tunnel seems to be that this way the cache
needs not have a shared medium with the router.

Also, asymmetric traffic does pop up now and then for different reasons,
and I don't see why the NAT table is associated with the interface to
begin with (but I have not thought of that that much).


Guido van Rooij wrote:
> On Thu, Oct 02, 2003 at 07:35:11PM -0300, Carlos G Mendioroz wrote:
>
>>I'm trying to set up a WCCP enabled transparent proxy and have been
>>facing various troubles, but finally got to a point where ipfilter
>>seems to have the key to the issue.
>>
>>Basically, the redirected packages from the client are getting to
>>the proxy (squid) via a wccp(gre) tunnel, but the answers from the proxy
>>are going back without the proper de-NATing and so it does not work. :-(
>>
>>This seems to be consequence of the rdr rules being attached to
>>interfaces, and the route to the client does not go through the tunnel,
>>which is the incoming interface for the client connection (and thus the
>>one with the rdr command).

>
>
> Are you saying that incoming packets come in via the tunnel and outgoing
> packets do not go via the tunnel? If so, what is the purpose of
> the tunnel if I may ask?
>
> -Guido
>


--
Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
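
The asymmetric-path failure described in the post above, as an added example that is not part of the original thread: a simplified Python model of redirect state that is bound to the interface the rdr rule sits on. It is not IPFilter's code; the interface names (gre0, fxp0), addresses and ports are constructed, and the unbound variant is a hypothetical comparison only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatTable:
    """Toy model of rdr state; not IPFilter's implementation."""

    def __init__(self, rdr_if, proxy, bind_to_interface=True):
        self.rdr_if = rdr_if      # interface the rdr rule is attached to
        self.proxy = proxy        # (ip, port) of the local squid (constructed)
        self.bind = bind_to_interface
        self.state = {}           # (client, cport) -> (in_if, orig_dst, orig_dport)

    def inbound(self, ifname, p):
        """Apply rdr to a packet arriving on ifname and record the mapping."""
        if ifname != self.rdr_if or p.dport != 80:
            return p
        self.state[(p.src, p.sport)] = (ifname, p.dst, p.dport)
        return Packet(p.src, p.sport, *self.proxy)

    def outbound(self, ifname, p):
        """Restore the original server address on a reply leaving via ifname."""
        entry = self.state.get((p.dst, p.dport))
        if entry is None or (p.src, p.sport) != self.proxy:
            return p
        in_if, odst, odport = entry
        if self.bind and ifname != in_if:
            return p              # state exists, but for another interface
        return Packet(odst, odport, p.dst, p.dport)

def round_trip(bind, reply_if):
    """Request arrives on gre0; return the source IP the client sees on the reply."""
    nat = NatTable("gre0", ("192.0.2.10", 3128), bind)
    req = nat.inbound("gre0", Packet("198.51.100.7", 40000, "203.0.113.80", 80))
    reply = Packet(req.dst, req.dport, req.src, req.sport)
    return nat.outbound(reply_if, reply).src

if __name__ == "__main__":
    print("bound, reply via fxp0:  ", round_trip(True, "fxp0"))
    print("bound, reply via gre0:  ", round_trip(True, "gre0"))
    print("unbound, reply via fxp0:", round_trip(False, "fxp0"))
```

With interface-bound state, the reply that leaves on fxp0 keeps the cache machine's address as its source, so the client's TCP stack has no connection that matches it.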
