Henrik Nordstrom wrote:
> On Thu, 24 Feb 2005, Jesse Guardiani wrote:
>
>> I don't think it is anymore. It seems like the packets are just
>> disappearing after they hit my iptables rule. I tried placing OUTPUT and
>> POSTROUTING LOG rules around the NAT table, and their hit counters
>> increment if I hit the cache directly from a web browser, but if I hit it
>> transparently the packet just disappears after the REDIRECT to port
>> 3128.
>
> Try using DNAT instead of REDIRECT.

I thought you might say that, so I tried it with DNAT earlier in the day.
I tried destination addresses 192.168.10.2 (my ip alias on eth0:22) and
192.168.1.2 (my "real" eth0 ip). Neither worked. Here's an example of the
latter:

    # iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 425 packets, 61769 bytes)
     pkts bytes target  prot opt in    out  source    destination
       43  2580 DNAT    tcp  --  gre1  any  anywhere  anywhere     tcp dpt:www to:192.168.1.2:3128

Do you see anything wrong with the above?

I'm starting to think that something is wrong with Linux's gre WCCP
decapsulation. That's why I keep asking if anyone actually has
this working on my kernel and my squid. But I guess, judging from
the silence, that nobody has it working yet.

Is there a better alternative to WCCP? I'm particularly interested
in the fail-over feature. I'd hate for my users' internet access
to go down just because my squid server rebooted.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

Received on Thu Feb 24 2005 - 18:14:57 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST