Hi squid-users,

I'm currently trying to replace an old NetApp proxy with a squid+linux box. I have some users behind a Cisco 7200 running IOS 12.4(12) using the proxy in transparent mode. The current proxy uses WCCP2+GRE to get the traffic from the router. The aim is to reproduce this behaviour with the squid box.

I've set up a box running Debian Linux, with kernel 2.6.18-3-k7 from Debian and squid-2.6.STABLE8 compiled with the following options:

    $ ./configure --prefix=/opt/package/squid-2.6.STABLE8 --enable-storeio=aufs,coss,diskd,null,ufs --enable-removal-policies=heap,lru --enable-useragent-log --enable-referer-log --enable-wccp --enable-wccpv2 --enable-snmp --enable-linux-netfilter --enable-large-cache-files --disable-ident-lookups --with-pthreads

My squid.conf file includes these lines:

    http_port 3128 transparent
    wccp2_router <ip_of_the_cisco_router>
    wccp2_rebuild_wait on
    wccp2_forwarding_method 1
    wccp2_return_method 1
    wccp2_assignment_method 1
    wccp2_service standard 0

I have set up an unnumbered GRE tunnel between the box and the router:

    # iptunnel del gre0
    # iptunnel add gre0 mode gre remote <ip_of_the_cisco_router> local <ip_of_the_linux_box> dev eth0
    # ifconfig gre0 up

I've added these commands to enable routing and disable spoof protection:

    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # for file in /proc/sys/net/ipv4/conf/*/rp_filter; do
          echo 0 > $file
      done

To do the redirection, I'm using iptables, with all default policies set to ACCEPT, plus this rule:

    # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination <ip_of_the_linux_box>:3128

The Cisco router has been doing the job for years, so I doubt the problem comes from it. The squid proxy is running, with no error messages. I've tested it by explicitly declaring it in my browser, and it works perfectly. The router can see the proxy (it is in its WCCP list) and it sends the packets to the linux box.

I can see the encapsulated packets coming to the linux box, I can see the packets coming out of the GRE tunnel (tcpdump -i gre0), and they hit the iptables redirection rule (iptables -t nat -L -v shows the counter increasing), but afterwards they seem to disappear. There is no trace in the squid log. The TCP session is not established. I see no related traffic coming out of the box either.

Does anyone have an idea of what could be happening? I'm also very interested in knowing how (in theory) the answer is supposed to return to the client.

Thanks

--
Nicolas L.
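
An added example, not part of the original message: a read-back check for the two kernel settings the post changes (ip_forward and per-interface rp_filter), which also flags an interface such as gre0 that was created after the rp_filter loop ran. The function name and the PROC_ROOT argument are hypothetical and exist only for this example.

```shell
#!/bin/sh
# Added example (not from the original post): read back the kernel
# settings the post writes, so a silent mismatch is visible.
#
# wccp_sysctl_audit [PROC_ROOT]
#   PROC_ROOT defaults to /proc; it is a hypothetical override so the
#   check can be run against a constructed directory tree.
#   Prints one line per setting and returns the number of settings that
#   differ from what the post configures (ip_forward=1, rp_filter=0).
wccp_sysctl_audit() {
    root="${1:-/proc}"
    bad=0

    fwd="$root/sys/net/ipv4/ip_forward"
    if [ -r "$fwd" ] && [ "$(cat "$fwd")" = "1" ]; then
        echo "ok   ip_forward=1"
    else
        echo "FAIL ip_forward is not 1"
        bad=$((bad + 1))
    fi

    # Every interface has its own rp_filter file, including "all",
    # "default" and any tunnel interface that exists right now.
    for f in "$root"/sys/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" = "0" ]; then
            echo "ok   rp_filter=0 on $iface"
        else
            echo "FAIL rp_filter=$val on $iface"
            bad=$((bad + 1))
        fi
    done

    # The conf/gre0 entry only exists once the tunnel interface does.
    if [ ! -d "$root/sys/net/ipv4/conf/gre0" ]; then
        echo "FAIL no conf entry for gre0 (tunnel interface missing?)"
        bad=$((bad + 1))
    fi
    return "$bad"
}
```

Run `wccp_sysctl_audit` as root after bringing gre0 up; a non-zero return status is the number of settings that differ from the post's configuration.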