Henrik Nordstrom wrote:
> On Thu, 24 Feb 2005, Jesse Guardiani wrote:
>
>> I don't think it is anymore. It seems like the packets are just
>> disappearing after they hit my iptables rule. I tried placing OUTPUT and
>> POSTROUTING LOG rules around the NAT table, and their hit counters
>> increment if I hit the cache directly from a web browser, but if I hit it
>> transparently the packet just disappears after the REDIRECT to port
>> 3128.
>
> Try using DNAT instead of REDIRECT.

I thought you might say that, so I tried it with DNAT earlier in the day. I tried destination addresses 192.168.10.2 (my IP alias on eth0:22) and 192.168.1.2 (my "real" eth0 IP). Neither worked. Here's an example of the latter:

# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 425 packets, 61769 bytes)
 pkts bytes target     prot opt in     out     source               destination
   43  2580 DNAT       tcp  --  gre1   any     anywhere             anywhere            tcp dpt:www to:192.168.1.2:3128

Do you see anything wrong with the above?

I'm starting to think that something is wrong with Linux's GRE WCCP decapsulation. That's why I keep asking if anyone actually has this working on my kernel and my squid. But I guess, judging from the silence, that nobody has it working yet.

Is there a better alternative to WCCP? I'm particularly interested in the fail-over feature. I'd hate for my users' internet access to go down just because my squid server rebooted.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net