Hi Nicolas,
I was using this WIKI to configure, and thought the same thing you did..
would not my destination be anything BUT my local net? Then at the end of
this WIKI there is a guy that has my type of set-up.
"Interception Caching with Linux 2.6.18, ip_gre, Squid-2.6 and cisco IOS
12.4(6)T2 by ReubenFarrelly"
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
So I tried the ! <my net> approach, though i noticed he used DNAT.. Not=20
sure why. Anyway, I get hits, but still nothing into Squid.
iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 2968 packets, 969K bytes)
pkts bytes target prot opt in out source destination
64 3328 DNAT tcp -- wccp0 any 10.0.0.0/16 !10.0.0.0/16 tcp dpt:http to:10.0.0.20:3128
The counter only climbs when I try to surf from IE7. So it's getting hit.
I want to try yours now and see what happens.
iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 5763 packets, 1846K bytes)
pkts bytes target prot opt in out source destination
12 624 REDIRECT tcp -- wccp0 any anywhere anywhere tcp dpt:http redir ports 3128
Hrmmmm, got hits, but same result.. the browser justs sits there. No logs
in Squid.
Nick
--
Nick Ellson
Dad
CCDA, CCNP, CCSP, CCAI,
MCSE 2000, Security+, Network+
Network Hobbyist, VFR Private Pilot.