Yes,
check your rp_filter=0
Be sure to try your squid in non-transparent (fill the proxy in client
browser) is work well
You also had to search topics in web
http://www.squid-cache.org/mail-archive/squid-users/200502/0909.html
rgds,
Tino
----- Original Message -----
From: "Bryan Shoebottom" <[EMAIL PROTECTED]>
To: "Henrik Nordstrom" <[EMAIL PROTECTED]>
Cc: "tino" <[EMAIL PROTECTED]>; <squid-users@squid-cache.org>
Sent: Thursday, July 20, 2006 2:54 AM
Subject: Re: [squid-users] 2.6S1 WCCP2 problems
Henrik,
I will give that a shot. Is there any reason why this isn't in the FAQ?
This is the first place i checked when my config didn't work.
Thanks,
Bryan
On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote:
ons 2006-07-19 klockan 07:25 +0700 skrev tino:
> RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent
> vhost vport=80
why vhost and vport=80? These are for accelerator/reverse proxy mode,
not Internet proxies.. The transparent keyword takes care of all which
is needed in transparent interception.
> #-at squid:
> insmod ip_gre
> ifconfig gre0 up
> ip addr add 172.0.0.2 255.255.255.252 dev gre0
I would say it's better to create a new GRE tunnel for the router.
ip tunnel add wccp mode gre remote ip.of.router
ip addr add proxy.server.ip/32 dev wccp
ip link set wccp up
and intercepted packets redirected by the router should be coming in on
the virtual wccp interface, where they can easily be redirected to Squid
iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128
You quite likely also need to disable reverse-path lookups on the wccp
interface
echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter
IP forwarding does not need to be enabled.
Regards
Henrik
