On Tue, Dec 05, 2006, Jason Taylor wrote:

> The intercept router:
> - Cisco 6509
> - IOS version 12.2.18sxf

Hm, I've heard rumours that there's been some WCCPv2 bugs in the SXF code.

Yah, there's an unrelated bug resolved in 12.2(18)SXF7 and a couple more in previous releases but nothing related to GRE.

Ok.

> - loopback IP: 172.20.1.72
> - WCCP IP (IP facing squid): 192.168.40.33 (default gateway for squid)

> +-------+-------+   +------------+
> | 192.168.251.1 |   | Internet   |
> | Cisco 6509    +---+ Firewall   +==> To Internet
> | v12.2.18 sxf  |   | NAT is here|
> | 192.168.40.33 |   +------------+
> +-------+-------+
>         |
> +-------+-------+
> | 192.168.40.37 |
> | Squid Proxy   |
> +---------------+
>
> Squid.conf settings:
> wccp2_router 192.168.40.33
> wccp2_address 192.168.40.37
> wccp2_service standard 0

If it's directly connected then I'd give using L2 forwarding a shot over GRE forwarding.

Just set wccp2_forwarding_method 2 in squid.conf. See if L2 redirection does the right thing. Keep the iptables rule but toss the GRE tunnel.

(I'd also suggest trying mask assignment over hash assignment with Squid-2.6 but apparently mask assignment is causing Squid to crash. I'm testing a workaround atm. It won't matter unless you're doing quite a lot of traffic and you notice the MSFC CPU usage go way up.)

Adrian

--
- Xenion - http://www.xenion.com.au/ - Hosting and Commercial Squid Support -