RE: [squid-users] Red Hat 5 - Squid 2.6 Stable 13 WCCP V2 and GRE

It works if I configure my client to use the proxy and it works if I
point my default route to the proxy machine when I am on the same
subnet. The firewall is completely disabled. gre1 has IP of 127.0.0.2.

http_port 3128 transparent

iptables-save -t nat
# Generated by iptables-save v1.3.5 on Thu Jun 14 14:58:08 2007
*nat
:PREROUTING ACCEPT [139:7087]
:POSTROUTING ACCEPT [742:45345]
:OUTPUT ACCEPT [622:39585]
-A PREROUTING -i gre1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
3128
COMMIT
# Completed on Thu Jun 14 14:58:08 2007

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Thursday, June 14, 2007 5:02 PM
To: Van Der Hart, Kevin
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Red Hat 5 - Squid 2.6 Stable 13 WCCP V2 and
GRE

tor 2007-06-14 klockan 14:59 -0500 skrev Van Der Hart, Kevin:
> Ok. My iptable rule was not intercepting the packet as I had created
the
> rule for eth0 not gre1. I created the rule for gre1 as shown below.
Now
> the packets don't get forwarded to the router and loop as they were
> before, but still Squid does not reply via eth0 with a SYN ACK. A
> tcpdump on gre1 sees the incoming SYN packets while a tcpdump on eth0
> only sees the GRE encrypted traffic.

Does it work if you configure your client to use the proxy?

What address is gre1 configured with, and what do your http_port line
look like?

Any firewall rules in INPUT or OUTPUT which might block the traffic?

iptables-save

Regards
Henrik
Received on Thu Jun 14 2007 - 19:33:35 MDT