Re: [squid-users] Squid + Cisco 4500 + WCCP2

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 25 Jul 2012 00:26:38 +1200

On 24/07/2012 7:13 p.m., Ioannis Pliatsikas wrote:
> Thanks all
>
> managed to get it partially working
>
> Cisco redirecting traffic to squid but squid is not accepting it.
>
>
> Used
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> to redirect all incoming traffic to squid port but access.log shows no
> activity
>
>
> tcpdump
> 10:03:27.428145 IP (tos 0x0, ttl 127, id 31964, offset 0, flags [DF], proto TCP (6), length 52)
>     10.72.192.61.59817 > 209.85.148.138.80: Flags [S], cksum 0xd6dd (correct), seq 3440021710, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 10:03:27.428232 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
>     209.85.148.138.80 > 10.72.192.61.59817: Flags [S.], cksum 0x308c (incorrect -> 0x96db), seq 3493353134, ack 3440021711, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
> 10:03:27.480245 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
>     176.9.44.80.80 > 10.72.192.61.59806: Flags [S.], cksum 0xa705 (incorrect -> 0xa05d), seq 3110682159, ack 1547219199, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
> 10:03:27.655208 IP (tos 0x0, ttl 127, id 31966, offset 0, flags [DF], proto TCP (6), length 52)
>     10.72.192.61.59818 > 209.85.148.138.80: Flags [S], cksum 0x09ce (correct), seq 2337382294, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 10:03:27.655289 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
>     209.85.148.138.80 > 10.72.192.61.59818: Flags [S.], cksum 0x308c (incorrect -> 0xd8b2), seq 3393736119, ack 2337382295, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
>
>
> any ideas why cksum is incorrect and why it is not redirecting to port 8080?
>

iptables NAT or NIC problem. Are you missing the MASQUERADE rule for the
return traffic?

Amos
Received on Tue Jul 24 2012 - 12:26:52 MDT
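
One way to read the quoted capture, as an added example that is not part of either post: it pairs each SYN with its SYN-ACK and reports the reply delay, TTL and checksum state. Treating TTL 64 together with a checksum that tcpdump marks incorrect as a sign the packet was generated on the capture host (Linux default TTL, TX checksum offload) is an assumption of this example; `triage`, `PKT` and `LOCAL_TTL` are names chosen here.

```python
import re
from datetime import datetime, timedelta

# Three packets copied from the capture quoted above, re-joined to one per line.
CAPTURE = """\
10:03:27.428145 IP (tos 0x0, ttl 127, id 31964, offset 0, flags [DF], proto TCP (6), length 52) 10.72.192.61.59817 > 209.85.148.138.80: Flags [S], cksum 0xd6dd (correct), seq 3440021710, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
10:03:27.428232 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) 209.85.148.138.80 > 10.72.192.61.59817: Flags [S.], cksum 0x308c (incorrect -> 0x96db), seq 3493353134, ack 3440021711, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
10:03:27.480245 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) 176.9.44.80.80 > 10.72.192.61.59806: Flags [S.], cksum 0xa705 (incorrect -> 0xa05d), seq 3110682159, ack 1547219199, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
"""

LOCAL_TTL = 64  # assumption: Linux default initial TTL, i.e. no router hop yet

PKT = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP \(.*?ttl (?P<ttl>\d+),.*?\) "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\], "
    r"cksum \S+ \((?P<ck>correct|incorrect)[^)]*\), "
    r"seq (?P<seq>\d+)(?:, ack (?P<ack>\d+))?"
)

def triage(capture):
    """Pair each SYN-ACK with its SYN; report delay, TTL and checksum state."""
    syns, findings = {}, []
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["flags"] == "S":
            # The matching SYN-ACK acknowledges seq + 1 with endpoints swapped.
            syns[(m["dst"], m["src"], int(m["seq"]) + 1)] = ts
        elif m["flags"] == "S.":
            sent = syns.get((m["src"], m["dst"], int(m["ack"])))
            findings.append({
                "src": m["src"],
                "ttl": int(m["ttl"]),
                "cksum_ok": m["ck"] == "correct",
                # None when the SYN is not in the capture window.
                "delay_us": None if sent is None
                else (ts - sent) // timedelta(microseconds=1),
                "likely_local": int(m["ttl"]) == LOCAL_TTL
                and m["ck"] == "incorrect",
            })
    return findings

if __name__ == "__main__":
    for finding in triage(CAPTURE):
        print(finding)
```

On the sample, the first SYN-ACK follows its SYN by 87 microseconds; the second has no SYN in the captured window, so its delay is reported as `None`.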
