On Wed, 25 Aug 2010 15:47:18 -0700 (PDT), Shawn Wright <swright@xxxxxxxxxxxx> wrote: > Hello, > > I've been trying to get a transparent squid setup to work with our Cisco > Cat 6500 MSFC layer 3 switch, which supports WCCP2 with L2 redirect (not > GRE). I can see the traffic reaching the squid box, and using a shorewall > redirect rule, it should be reaching squid on port 3128, but I see no > evidence of this in squid logs. > > tcpdump on the squid box shows this: > > 14:58:00.929489 IP 10.3.5.23.2565 > 136.1.241.33.80: S > 4047376542:4047376542(0) win 65535 <mss 1460,nop,nop,sackOK> > 14:58:00.929745 IP 136.1.241.33.80 > 10.3.5.23.2565: S > 2225419399:2225419399(0) ack 4047376543 win 5840 <mss 1460,nop,nop,sackOK> Um, ACK means *something* accepted the connection and responded to the client box. All things working that should have been Squid. > > 10.3.5.23 is the client using a webbrowser to hit 136.1.241.33, with no > proxy set. > If I enable proxy to 72.2.0.4:80, squid works correctly, which confirms > the redirect for port 80->3128 on the squid box is working. > > I'd appreciate some ideas on tracking down where this traffic is going. The usual source of this behaviour is admin overlooking the fact that the Squid box in these setups is a router (which *happens* to only route port 80 traffic passed in by the WCCP, but still routing). It requires packet forwarding to be working and rp_filter to be disabled. By "I enable proxy to 72.2.0.4:80" do you mean configuring the browser to use a proxy at 72.2.0.4:80 ? Or that you configure Squid to listen on 72.2.0.4:80 ? Amos
