Thanks for all the help! I was able to get this up & running. My setup, by the way, uses the new Cisco ASA5510 firewall for WCCP. I am down to one issue at the moment, and I'm hoping for a little bit more help. I've experienced a few times that certain websites (like Ebay auctions) have problems. I can access most things on the site, but certain functions just die horribly in timeout-land. When I put the settings directly into the browser, I have no problem, but when running transparent using WCCP I have this problem. My daughter also pointed out (quickly) that she can't log in to MySpace (not a bad thing in my opinion for her, but I'd still like to know why). Any idea where I can start looking? Could this be an MTU issue? Thanks! Shaun -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Saturday, September 16, 2006 3:11 AM To: Shaun Skillin (home) Cc: Squid Users Subject: RE: WCCPv2 current instructions? fre 2006-09-15 klockan 22:57 -0600 skrev Shaun Skillin (home): > I'm afraid I must still be missing something... according to the FAQ you > referenced (thank you by the way), the <Host-IP> should be used for the > eth0 and the wccp0 interface, which of course it doesn't like to do. Yes, and it works fine. There is no problem to have the same IP on many interfaces. > I used 1.2.3.4/32 for the wccp0 interface. A few things works better if the wccp interface has the same IP. > I see a redirected SYN packet arrive from the router to the Squid that > is GRE encapsulated. Then I see the SYN packet (not in GRE tunnel) sent > to its gateway, but it is using the IP address of the original sender, > not the Squid (however it does use the MAC of the Squid). Then your firewall iptables rules is not set proper. Regards Henrik
