Just to compare: Squid Cache: Version 3.0.PRE4-CVS (same options for 2.6 work fine.) configure options: '--prefix=/usr/local/squid' '--enable-storeio=ufs aufs null' '--enable-linux-netfilter' Config: cache_effective_user adrian wccp2_service standard 0 #wccp2_service dynamic 80 #wccp2_service_info 80 protocol=tcp ports=80 priority=240 tcp_outgoing_address 203.56.15.78 wccp2_router 192.168.1.1:2048 http_port 192.168.1.10:3128 transparent vport=80 http_port localhost:3128 (I have this server doing wccp on a NATted interface; so it has a non-NATted public IP for external outbound connections..) Then: root@cindy:~/work/squid3# cat /root/wccp.sh #!/bin/sh ifconfig gre0 inet 1.2.3.4 netmask 255.255.255.0 up echo 1 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter iptables -F -t nat # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128 eth0 is external, eth1 is internal. Cisco config is simple - enable wccp2 + web-cache, ip wccp web-cache redirect in on the internal interface. I've not got a spare PIX/ASA device here to try it against. Adrian
