Henrik, I will give that a shot. Is there any reason why this isn't in the FAQ? This is the first place i checked when my config didn't work. Thanks, Bryan On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote: > ons 2006-07-19 klockan 07:25 +0700 skrev tino: > > RE: 2.6S1 WCCP2 problems http_port 3128 transparent > > vhost vport=80 > > why vhost and vport=80? These are for accelerator/reverse proxy mode, > not Internet proxies.. The transparent keyword takes care of all which > is needed in transparent interception. > > > > #-at squid: > > insmod ip_gre > > ifconfig gre0 up > > ip addr add 172.0.0.2 255.255.255.252 dev gre0 > > I would say it's better to create a new GRE tunnel for the router. > > ip tunnel add wccp mode gre remote ip.of.router > ip addr add proxy.server.ip/32 dev wccp > ip link set wccp up > > and intercepted packets redirected by the router should be coming in on > the virtual wccp interface, where they can easily be redirected to Squid > > iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 > > You quite likely also need to disable reverse-path lookups on the wccp > interface > > echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter > > > IP forwarding does not need to be enabled. > > Regards > Henrik
