RE: [squid-users] FW: Hotmail login issue from Shoebottom, Bryan on 2006-03-14 (squid-users)

From: Shoebottom, Bryan <BShoebottom@dont-contact.us>
Date: Tue, 14 Mar 2006 08:59:18 -0500

Mark, everyone,

I got the gre module to work, it was an iptables issue. In using fedora
core 4 for the first time, I didn't check the rules ahead of time. Upon
trying to hit the cache directly and failing, I went back step by step
and found the issue. A simple iptables -F and reissuing my redirect
command fixed that issue. I tested hotmail and it works! So the gre
module seems to be a fix for this issue, is there a fix for the wccp
module?

Thanks,
Bryan

-----Original Message-----
From: Shoebottom, Bryan [mailto:BShoebottom@fanshawec.ca]
Sent: March 14, 2006 8:14 AM
To: Mark Elsen
Cc: squid-users@squid-cache.org; Daniel EPEE LEA; Henrik Nordstrom
Subject: RE: [squid-users] FW: Hotmail login issue

Mark,

Is there a known workaround? I've tried your suggestion and also tried
changing the MTU via iptables to allow for the GRE header, but nothing
has worked. I am using the wccp module as I can't get the GRE module to
work. When I do a tcpdump I only see packets coming from the WCCP
router, from Henrik's post
http://www.squid-cache.org/mail-archive/squid-users/200510/0027.html i
should see client IPs.

/sbin/iptables -t nat -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j
\ TCPMSS --set-mss 1476

Thanks,
Bryan

-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@gmail.com]
Sent: March 13, 2006 11:48 AM
To: Shoebottom, Bryan
Cc: squid-users@squid-cache.org; Daniel EPEE LEA
Subject: Re: [squid-users] FW: Hotmail login issue

> This hasn't worked. I think I will try a system with a 2.6 kernel
next.
> Most posts point to the MTU needing to be reduced, and although I have
> done that, I am still encountering the problem. Currently I use the
> wccp module, I understand that the gre module already has the reduced
> MTU size configured and will hopefully work right out of the box.
>

- Yes note that this is one of the main issues argumenting
against transp. proxy-ing (MTU), there are others too :

http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy?highlight=%28inter
cept%29#head-1cf13b27d5a6f8c523a4582d38a8cfaaacafb896

M.
Received on Tue Mar 14 2006 - 07:00:26 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST