On 09/05/18 16:59, Ilias Clifton wrote:
>
> Hi Alex,
>
> On the wccp0 interface I only see traffic arriving in 1 direction - original client ip to destination ip.
>
> The ubuntu box only has a single ethernet interface - Sorry, that should have been in my original question. I see the gre traffic arriving from the router, but again - no response.
>
> I tried adding a MASQUERADE line to the iptables rules, just to see if it made a difference.. but same result.
>

The MASQUERADE (or an equivalent SNAT) on the reply traffic going from Squid back to the router is *definitely* needed to balance the REDIRECT rule. Otherwise the router will reject or mishandle packets Squid sends over the gre when you do get that part working.

>
> Sent: Wednesday, May 09, 2018 at 2:37 PM
> From: "Alex K"
>
> When I try and browse to a site from a client..
> $ wget http://www.google.com
>
> On the Ubuntu box, I see gre traffic on the ethernet interface..
> 00:44:22.340734 IP 172.28.28.33 > 172.28.28.252: GREv0, length 72: gre-proto-0x883e
>
>
> I see the un-encapsulated traffic on the wccp0 interface:
> 00:56:26.888519 IP 172.28.29.4.52128 > 216.58.203.100.80
>
> Which is correctly showing original client IP and destination IP.
>
> I can see hits on the iptable redirect rule:
> pkts bytes target prot opt in out source destination
> 429 26280 REDIRECT tcp -- wccp0 any anywhere anywhere tcp dpt:http redir ports 3129
>
>
> But there is no response from squid on the Ubuntu box :-(

Is there outbound Squid<->server traffic happening? and what does that look like?

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users