On 24/07/2012 7:13 p.m., Ioannis Pliatsikas wrote:
Thanks all

managed to get it partially working

Cisco is redirecting traffic to squid but squid is not accepting it.


Used

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

to redirect all incoming traffic to squid port but access.log shows no activity


tcpdump
10:03:27.428145 IP (tos 0x0, ttl 127, id 31964, offset 0, flags [DF], proto TCP (6), length 52) 10.72.192.61.59817 > 209.85.148.138.80: Flags [S], cksum 0xd6dd (correct), seq 3440021710, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
10:03:27.428232 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) 209.85.148.138.80 > 10.72.192.61.59817: Flags [S.], cksum 0x308c (incorrect -> 0x96db), seq 3493353134, ack 3440021711, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
10:03:27.480245 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) 176.9.44.80.80 > 10.72.192.61.59806: Flags [S.], cksum 0xa705 (incorrect -> 0xa05d), seq 3110682159, ack 1547219199, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
10:03:27.655208 IP (tos 0x0, ttl 127, id 31966, offset 0, flags [DF], proto TCP (6), length 52) 10.72.192.61.59818 > 209.85.148.138.80: Flags [S], cksum 0x09ce (correct), seq 2337382294, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
10:03:27.655289 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) 209.85.148.138.80 > 10.72.192.61.59818: Flags [S.], cksum 0x308c (incorrect -> 0xd8b2), seq 3393736119, ack 2337382295, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0


Any ideas why the cksum is incorrect and why it is not redirecting to port 8080?


iptables NAT or NIC problem. Are you missing the MASQUERADE rule for the return traffic?

Amos
