RE: [squid-users] Squid + Cisco 4500 + WCCP2

From: Ioannis Pliatsikas <gpliats_at_ee.duth.gr>
Date: Wed, 25 Jul 2012 08:43:30 +0000

 Very sorry for bothering you again

 Although I get the redirection from the router to squid, using tcpdump
 (10.72.192.61 test internal address)

 11:38:37.956330 IP 199.47.218.151.80 > 10.72.192.61.50690: Flags [S.],
 seq 1048613649, ack 1347334415, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:38.399796 IP 10.72.192.61.50697 > 199.47.218.151.80: Flags [S],
 seq 3043000771, win 8192, options [mss 1460,nop,wscale
 2,nop,nop,sackOK], length 0
 11:38:38.399880 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.],
 seq 3389808826, ack 3043000772, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:39.756353 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.],
 seq 3389808826, ack 3043000772, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:41.356350 IP 176.9.44.80.80 > 10.72.192.61.50693: Flags [S.], seq
 326259738, ack 1299448389, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:41.409101 IP 10.72.192.61.50697 > 199.47.218.151.80: Flags [S],
 seq 3043000771, win 8192, options [mss 1460,nop,wscale
 2,nop,nop,sackOK], length 0
 11:38:41.409164 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.],
 seq 3389808826, ack 3043000772, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:41.556343 IP 176.9.44.80.80 > 10.72.192.61.50694: Flags [S.], seq
 2634200113, ack 3423797704, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:41.756336 IP 199.47.218.151.80 > 10.72.192.61.50697: Flags [S.],
 seq 3389808826, ack 3043000772, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:41.756362 IP 209.85.148.139.80 > 10.72.192.61.50695: Flags [S.],
 seq 2040290141, ack 953271924, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0
 11:38:42.356340 IP 209.85.148.139.80 > 10.72.192.61.50696: Flags [S.],
 seq 69242255, ack 3941278742, win 14600, options [mss
 1460,nop,nop,sackOK,nop,wscale 4], length 0

 I still can't get Linux to redirect to squid (port 8080); access.log is
 empty.

 I use the following iptables:

 -------------------------------------------------------------------------
 # Generated by iptables-save v1.4.12.1 on Wed Jul 25 11:36:37 2012
 *filter
 :INPUT ACCEPT [105007:140596865]
 :FORWARD ACCEPT [3:120]
 :OUTPUT ACCEPT [212743:136992211]
 -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 COMMIT
 # Completed on Wed Jul 25 11:36:37 2012
 # Generated by iptables-save v1.4.12.1 on Wed Jul 25 11:36:37 2012
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [1254:65132]
 :OUTPUT ACCEPT [118:7345]
 :POSTROUTING ACCEPT [0:0]
 -A PREROUTING -d $SQUID_IP -i eth0 -p tcp -j ACCEPT
 -A PREROUTING -s $NETWORK_SPACE -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
 -A POSTROUTING -j MASQUERADE
 COMMIT
 # Completed on Wed Jul 25 11:36:37 2012
 ---------------------------------------------------------------------------

 The catch is that I use L2 redirection, so source and destination is eth0,
 no GRE tunnel. Can it be done, or should I create a virtual device and
 redirect input from there?

 Thank you in advance
 John
Received on Wed Jul 25 2012 - 08:43:34 MDT
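
A capture like the one quoted in the message is easier to read once the mail line-wrapping is undone and the packets are grouped per connection. The Python script below is an added example, not part of the original post: the function names are hypothetical and the sample capture is constructed with documentation addresses. It lists connections where a SYN or SYN-ACK is repeated and no other segment was captured.

```python
import re
from collections import defaultdict

# One tcpdump record: timestamp, "IP src.port > dst.port:", then the TCP flags.
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sp>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dp>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unwrap(text):
    """Rejoin records that the mail client wrapped onto continuation lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"\d\d:\d\d:\d\d\.\d+ ", line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def handshake_summary(text):
    """Count SYN, SYN-ACK and other segments per (client, server) pair."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "other": 0})
    for m in filter(None, map(LINE.match, unwrap(text))):
        a, b = (m["src"], int(m["sp"])), (m["dst"], int(m["dp"]))
        if m["flags"] == "S":        # client -> server
            flows[(a, b)]["syn"] += 1
        elif m["flags"] == "S.":     # server -> client, keyed client first
            flows[(b, a)]["synack"] += 1
        else:
            flows[(a, b) if (a, b) in flows else (b, a)]["other"] += 1
    return flows

def stalled(text):
    """Flows with a repeated SYN or SYN-ACK and no other segment captured."""
    return sorted(k for k, c in handshake_summary(text).items()
                  if c["other"] == 0 and (c["syn"] > 1 or c["synack"] > 1))

# Constructed sample (documentation addresses), wrapped the way the post is.
SAMPLE = """\
12:00:00.100000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1000, win 8192, length 0
12:00:00.100100 IP 198.51.100.5.80 > 192.0.2.10.40001: Flags [S.],
 seq 5000, ack 1001, win 14600, length 0
12:00:01.500000 IP 198.51.100.5.80 > 192.0.2.10.40001: Flags [S.],
 seq 5000, ack 1001, win 14600, length 0
12:00:04.000000 IP 192.0.2.10.40002 > 198.51.100.5.80: Flags [S], seq 2000, win 8192, length 0
12:00:04.000300 IP 192.0.2.10.40002 > 198.51.100.5.80: Flags [.], ack 1, win 8192, length 0
"""
print(stalled(SAMPLE))
```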
