Hi Alex,
It still does not work :(
Are you using WCCP too right now?
May I know which OS and distro you use?
regards
ketua@kampung
Alex Montoanelli wrote:
Set your squid to:
http_port 110.92.64.3:3128
I assume that your wccp tun is wccp0, then use this rule:
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j DNAT \
    --to-destination 110.92.64.3:3128
Then apply these settings in your sysctl:
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.core.somaxconn = 2048
net.ipv4.tcp_low_latency = 1
net.ipv4.ip_local_port_range = 1024 65000
Regards
Alex
On Tue, Jun 9, 2009 at 12:00 AM, ketua kampung<ketua@xxxxxxxxxxxxxx> wrote:
Hi Alex,
iptables DNAT is working, but squid still cannot accept the packets.
root@box:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 3089 packets, 256K bytes)
 pkts bytes target prot opt in  out source     destination
   14   840 DNAT   tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    tcp dpt:80 to:110.92.64.3:3128
I can see packets if I tcpdump on the wccp interface, but when I tcpdump on
port 3128 I don't see any traffic.
regards
ketua@kampung
Alex Montoanelli wrote:
Hello Ketua,
You can't use the REDIRECT target of iptables.
You need to use DNAT --to-destination IP_OF_ETHERNET:3128
If you redirect to localhost, the packets are silently dropped.
Regards