FreeBSD 6.x / GRE / WCCP / Squid

Alan Garfield alan at
Mon Dec 5 15:31:36 PST 2005

Hi all,

I'm hoping someone can shed some light on what's going wrong with my
setup. I've searched high and low for a solution, but I've only found
old posts talking about FreeBSD 4.x and not the later versions (nor do
any of the suggestions make any difference).

I'm trying to setup WCCP on our Cisco 1840 router. I have a DMZ with a
squid server listening on port 8080. I have got the gre0 tunnel setup
between the router with link1 option set, I can see the gre packets
coming from the router and appearing on the gre0 interface via tcpdump,
I can see the packets hitting my fwd rule in ipfw via the security log,
but I never see any traffic on the lo0 or anything hitting squid.

It seems like the packets are getting eaten after the forward. Plus I've
also noticed that the encapsulated packets appear to be going 'out' my
Ethernet interface back to the default route, even though they have been

An example of my setup is :-

    --------- Cisco --------
    |                      |
    |                      |
 DMZ LAN               Internal LAN
    |                      |
    |                      |
  Squid                  Host

Network :


     Cisco Ext:
     Cisco DMZ:
Cisco Internal:


Cisco conf extract :

ip wccp version 1
ip wccp web-cache redirect-list 109
interface Serial0/0/0:0.1 point-to-point
 ip wccp web-cache redirect out
access-list 109 permit ip any
access-list 109 deny   ip any any

FreeBSD conf :

ifconfig gre0

        tunnel inet -->
        inet6 fe80::2e0:18ff:feb7:a79c%gre0 prefixlen 64 scopeid 0x4 
        inet --> netmask 0xffffffff 

ipfw list

00010 allow gre from any to any frag
00020 allow log tcp from any to any dst-port 80
00050 fwd,8080 tcp from to any dst-port 80
00100 allow ip from any to any via lo0
00200 deny ip from any to
00300 deny ip from to any
65000 allow ip from any to any
65535 deny ip from any to any


ifconfig_fxp0="inet netmask"

Any help or suggestions would be greatly appreciated.



More information about the freebsd-questions mailing list