Re: [squid-users] [Urgent] Please help : NAT + squid2.7 on ubuntu server 9.10 + cisco firewall (ASA5510)

From: Vichao Saenghiranwathana <vichaos_at_gmail.com>
Date: Tue, 13 Apr 2010 16:02:12 +0700

Thank you very much. I will try your suggestion very soon.

I want to make sure my configuration is right.

modprobe ip_gre
iptunnel add gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0
ifconfig gre0 inet 192.168.9.251 netmask 255.255.255.0 up
ip link set eth0 mtu 1400
ip link set gre0 mtu 1400
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080

Thank you again for your help.
Vichao Saenghiranwathana

On Tue, Apr 13, 2010 at 1:42 AM, Horacio H. <pokehorace_at_gmail.com> wrote:
> 2010/4/8 Vichao Saenghiranwathana <vichaos_at_gmail.com>:
>
>> I'm still stunned. Can you explain in more detail so I can
>> understand what the problem is?
>>
>
> Hi Vichao,
>
> If you already have a static NAT translation at the ASA between these
> two addresses: 192.168.9.251 and 203.130.133.9, it doesn't make sense
> to me why you also configured the same public IP address at the second
> subinterface.  Unless you need it for an unrelated setup, you may want
> to remove the second subinterface because (if you also configured a
> default-gateway there) when external packets are destined to the
> address 203.130.133.9 it might cause the ASA to NAT packets that
> shouldn't be, or vice versa.
>
> Aside from that, if the issue persists your next clue resides in
> collecting all the info your ASA shows about the WCCP
> association/registration, and monitor the counters of the GRE tunnel
> and iptables active rules and default policies.
>
> I hope this comment was helpful. I have a similar setup and it works fine.
>
> Regards,
> Horacio.
>
Received on Tue Apr 13 2010 - 09:02:21 MDT
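
The counter check suggested in the quoted reply, applied to the gre0 interface and port-80 REDIRECT rule from the posted configuration. This is an added example, not part of either poster's message; the function names are hypothetical and the sample counter text is constructed.

```shell
#!/bin/sh
# Added example: find where redirected traffic stops, using two counters.
# Live use (as root): diagnose "$(cat /proc/net/dev)" "$(iptables -t nat -L PREROUTING -v -n -x)"

# RX packet count for interface $1; reads /proc/net/dev text on stdin.
iface_rx_pkts() {
    awk -v ifc="$1" '{ sub(/:/, " ") } $1 == ifc { print $3; found = 1 }
        END { if (!found) print "missing" }'
}

# Packets matched by REDIRECT rules for tcp dpt:80 arriving on interface $1;
# reads "iptables -t nat -L PREROUTING -v -n -x" text on stdin.
redirect_pkts() {
    awk -v ifc="$1" '$3 == "REDIRECT" && $6 == ifc && /dpt:80( |$)/ { n += $1; found = 1 }
        END { if (found) print n; else print "missing" }'
}

# $1 = /proc/net/dev text, $2 = nat PREROUTING listing; prints one finding.
diagnose() {
    rx=$(printf '%s\n' "$1" | iface_rx_pkts gre0)
    hits=$(printf '%s\n' "$2" | redirect_pkts gre0)
    if [ "$rx" = missing ]; then echo "gre0 does not exist"
    elif [ "$hits" = missing ]; then echo "no REDIRECT rule for gre0 port 80"
    elif [ "$rx" -eq 0 ]; then echo "no packets received on gre0"
    elif [ "$hits" -eq 0 ]; then echo "gre0 receives packets but the REDIRECT rule never matches"
    else echo "redirect path is counting packets"
    fi
}

# Constructed sample data (not taken from the thread).
SAMPLE_DEV='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4200      50    0    0    0     0          0         0     4200      50    0    0    0     0       0          0
  eth0: 9876543   12000    0    0    0     0          0         0  1234567    9000    0    0    0     0       0          0
  gre0:  512000     800    0    0    0     0          0         0        0       0    0    0    0     0       0          0'
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 15 packets, 900 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REDIRECT   tcp  --  gre0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080'

diagnose "$SAMPLE_DEV" "$SAMPLE_NAT"
```

A zero RX count on gre0 points back at the WCCP registration on the ASA side; a non-zero RX count with zero rule hits points at the local iptables rule or tunnel decapsulation.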
