----- "Amos Jeffries" <squ...@treenet.co.nz> wrote: > > Um, ACK means *something* accepted the connection and responded to the > > client box. All things working that should have been Squid.
This is the part the puzzles me. I'm not sure what is accepting it, if not squid. > The usual source of this behaviour is admin overlooking the fact that > the > > Squid box in these setups is a router (which *happens* to only route > port > > 80 traffic passed in by the WCCP, but still routing). It requires > packet > > forwarding to be working and rp_filter to be disabled. > > > > By "I enable proxy to 72.2.0.4:80" do you mean configuring the > browser to > > use a proxy at 72.2.0.4:80 ? > > Or that you configure Squid to listen on 72.2.0.4:80 ? I change the browser to use proxy, and it works fine. No changes made on the squid box. I have been advised to get a tcpdump from the client, which I will do next. I will look into rp_filter setting also. === Sorry, that last reply was meant for the list. I checked into the rp_filter setting: net.ipv4.conf.lo.rp_filter = 0 net.ipv4.conf.lo.arp_filter = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.all.arp_filter = 0 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.arp_filter = 0 net.ipv4.conf.eth0.rp_filter = 0 net.ipv4.conf.eth0.arp_filter = 0 net.ipv4.conf.eth1.rp_filter = 0 net.ipv4.conf.eth1.arp_filter = 0 net.ipv4.conf.gre0.rp_filter = 0 net.ipv4.conf.gre0.arp_filter = 0 Also, the tcpdump from the client shows nothing coming back to it, just the outgoing SYN. Regards, Shawn Wright I.T. Manager, Shawnigan Lake School http://www.shawnigan.ca
