It works if I configure my client to use the proxy and it works if I point my default route to the proxy machine when I am on the same subnet. The firewall is completely disabled. gre1 has IP of 127.0.0.2. http_port 3128 transparent iptables-save -t nat # Generated by iptables-save v1.3.5 on Thu Jun 14 14:58:08 2007 *nat :PREROUTING ACCEPT [139:7087] :POSTROUTING ACCEPT [742:45345] :OUTPUT ACCEPT [622:39585] -A PREROUTING -i gre1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 COMMIT # Completed on Thu Jun 14 14:58:08 2007 -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, June 14, 2007 5:02 PM To: Van Der Hart, Kevin Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Red Hat 5 - Squid 2.6 Stable 13 WCCP V2 and GRE tor 2007-06-14 klockan 14:59 -0500 skrev Van Der Hart, Kevin: > Ok. My iptable rule was not intercepting the packet as I had created the > rule for eth0 not gre1. I created the rule for gre1 as shown below. Now > the packets don't get forwarded to the router and loop as they were > before, but still Squid does not reply via eth0 with a SYN ACK. A > tcpdump on gre1 sees the incoming SYN packets while a tcpdump on eth0 > only sees the GRE encrypted traffic. Does it work if you configure your client to use the proxy? What address is gre1 configured with, and what do your http_port line look like? Any firewall rules in INPUT or OUTPUT which might block the traffic? iptables-save Regards Henrik
