WorkingMan <signup_mail2002 <at> yahoo.com> writes: > > Eliezer Croitoru <eliezer <at> ngtech.co.il> writes: > > > > > Hey there, > > > > Man you need to understand something. > > Your basic routing doesn't help in any way. > > In your case you should have a network which is a simple thing... > > I do not rembebr the machine settings but once you have a strickt > > "default via IP" > > the packets should flow throw this host. > > try to make sure first that ICMP packet flows from one machine to the > other. > > Then and only then try to make the packet flow from let say: > > VPN->MAIN-GW > > then try to access the internet and see what happens on both GW and VPN > > machines. > > you do have 10.0.0.1/24 as a Default GW so try to reach from 10.0.0.170 > > using 10.0.0.1 to the internet let say to google or yahoo or even my > > site.. ngtech.co.il. > > > > this basic network setup should work if configured properly and if the > > network infrastructure supports it. > > If even one of all the above is not met you will not succed and then you > > we will be back to routing which we can try to help but it means you > > have a way ahead before making squid work. > > can you by any chance remove all these mark setting and go back to > > routing just to make the basic setup work as it suppose to? > > And also the OUTPUT is another step after all the traffic to and from > > the internet back to this host is working.. > > > > Eliezer > > > > I can say for sure this is the issue. First of all I can make this work with > two Ubuntu VMs under the same LAN which allowed me to compare the difference. > > Eliezer's observation is correct. On my VMs traffic goes through the gateway > (ie: the router) before going to the remote box. On Amazon VPC for some > reason it tries to go directly to the remote box since the mac address is > that of SQUID box (not that of the gateway). > > If I use clean.rules traffic goes through the gateway. > If I use proxy.rules (with policy based routing) it will use SQUID's mac. > > I don't know how to fix this issue. > > Thanks, that's a big step forward > > Sorry for duplicate post. I posted as a new post in my last reply. Sorry, I need to correct above. It's actually doing something different because I was looking at a working setup I had information I don't with the VPC setup. All I can say is that I see gateway's mac on both VPN and remote boxes for VM setup. For VPC setup I can see VPN trying to reach SQUID server (retransmitting) so it didn't get far enough to reach the gateway. For some reason traffic is not reaching SQUID server (I am guessing something is dropping the traffic). Thanks,