Hello Amos, Thanks for the prompt reply. The only NAT I have in place is on the router and squid box. On the router I have ip nat inside source list 1 interface FastEthernet0/1 overload and on the squid box I have, iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128 iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128 iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128 Much as the client request gets to the squid box, nothing is written to squid's access.log. I receive connection timeouts when I try surfing on one of the client machines. Using squid 3.1.12 on Slackware 13.1. > You seem to mistake how WCCP works. It is a tunnel, where the HTTP packets > entering the Cisco router get sent *unchanged* to the Squid box for > handling. Exactly as if you had plugged the Squid box in as a second router > or bridge between the Cisco and clients. > > Don't worrying about it. The global connections will go back to the Cisco > with the Squid box IP and then go through whatever border NAT you have in > place. The private client IP will never touch the global Internet directly. > > As it stands you can track the internal LAN PC behaviour directly from the > Squid logs without having to record and lookup NAT conversions after the > fact. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.12 > Beta testers wanted for 3.2.0.7 and 3.1.12.1 >
