ons 2006-07-19 klockan 07:25 +0700 skrev tino: > RE: 2.6S1 WCCP2 problems http_port 3128 transparent > vhost vport=80 why vhost and vport=80? These are for accelerator/reverse proxy mode, not Internet proxies.. The transparent keyword takes care of all which is needed in transparent interception. > #-at squid: > insmod ip_gre > ifconfig gre0 up > ip addr add 172.0.0.2 255.255.255.252 dev gre0 I would say it's better to create a new GRE tunnel for the router. ip tunnel add wccp mode gre remote ip.of.router ip addr add proxy.server.ip/32 dev wccp ip link set wccp up and intercepted packets redirected by the router should be coming in on the virtual wccp interface, where they can easily be redirected to Squid iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 You quite likely also need to disable reverse-path lookups on the wccp interface echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter IP forwarding does not need to be enabled. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
