On Fri 2006-03-10 at 16:54 -0800, Daniel EPEE LEA wrote:

> 1- Loaded ip_gre module in the kernel ( I didn't use ip_wccp module)

Did you also create the needed GRE tunnel on the Linux box? If not, ip_gre won't know what to do with the received GRE packets carrying the redirected traffic. The purpose of this GRE tunnel is access control, authorizing the router to send encapsulated packets via the Linux box in this manner.

> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:80 redir ports 3128

You should probably add a few rules above this accepting traffic to the server itself. Not strictly needed, but it makes life a little saner if you intend to run a web server there for cachemgr.cgi, proxy.pac or whatever.

> 3- My /etc/sysctl.conf
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1

Ok.

> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 0

Ok.

> I can see through tcpdump -i bond0 port 2048
> that all the http packets going outside my network are sent by the
> router to the squid server, but they are not processed by squid.
> access.log is empty.

Port 2048 is just the WCCP control channel where the proxy and router agree on what traffic should be redirected. The actual redirection is done using a form of GRE.

Regards
Henrik
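
Added example (not part of the message above and not Squid project code): a dry-run helper that prints the proxy-side commands for the GRE tunnel and for the accept rule placed above the REDIRECT rule, so the plan can be reviewed before anything is applied. The addresses, the tunnel name wccp0 and the function names are constructed for illustration; bond0 and port 3128 come from the quoted setup, and ROUTER is assumed to be the address the router sources its GRE packets from.

```shell
#!/bin/sh
# Added example: print (do not run) the proxy-side WCCP/GRE setup commands.
# Function names and the wccp0 tunnel name are hypothetical.

valid_ipv4() {
    # Accept only dotted-quad input with every octet in 0..255, so that
    # nothing unexpected is interpolated into the generated commands.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

wccp_plan() {
    # $1 router address, $2 proxy address, $3 physical interface, $4 tunnel name
    router=$1; proxy=$2; phys=${3:-bond0}; tun=${4:-wccp0}
    valid_ipv4 "$router" && valid_ipv4 "$proxy" || {
        echo "wccp_plan: invalid IPv4 address" >&2
        return 1
    }
    # Order matters:
    #  - the tunnel names exactly one remote peer, so only GRE from that
    #    router is decapsulated onto the tunnel interface
    #  - rp_filter is relaxed on the tunnel only, because the inner packets
    #    carry client source addresses that do not route back via the tunnel
    #  - the ACCEPT rule sits above REDIRECT so traffic addressed to the
    #    proxy host itself (cachemgr.cgi, proxy.pac) is not intercepted
    #  - REDIRECT is limited to packets arriving decapsulated on the tunnel
    cat <<EOF
modprobe ip_gre
ip tunnel add $tun mode gre remote $router local $proxy dev $phys
ip addr add $proxy/32 dev $tun
ip link set $tun up
sysctl -w net.ipv4.conf.$tun.rp_filter=0
iptables -t nat -A PREROUTING -d $proxy -j ACCEPT
iptables -t nat -A PREROUTING -i $tun -p tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}

# Usage: sh wccp_plan.sh ROUTER PROXY [PHYS_IF] [TUNNEL]
if [ $# -ge 2 ]; then
    wccp_plan "$@"
fi
```

Once the reviewed commands have been run as root, `tcpdump -n -i bond0 ip proto 47` shows whether the router's GRE packets are arriving, and `tcpdump -n -i wccp0 tcp port 80` shows whether they are being decapsulated.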