[squid-users] Re: Re: Re: Re: WCCP + squid 2.5-STABLE7 + linux 2.6.10

From: Jesse Guardiani <jesse@dont-contact.us>
Date: Thu, 24 Feb 2005 20:14:26 -0500

Henrik Nordstrom wrote:

> On Thu, 24 Feb 2005, Jesse Guardiani wrote:
>
>> I don't think it is anymore. It seems like the packets are just
>> dissappearing after they hit my iptables rule. I tried placing OUTPUT and
>> POSTROUTING LOG rules around the NAT table, and their hit counters
>> increment if I hit the cache directly from a web browser, but if I hit it
>> transparently the packet just dissappears after the REDIRECT to port
>> 3128.
>
> Try using DNAT instead of REDIRECT.

I thought you might say that, so I tried it with DNAT earlier in the day.
I tried destination addresses 192.168.10.2 (my ip alias on eth0:22) and
192.168.1.2 (my "real" eth0 ip). Neither worked. Here's an example of the
latter:

# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 425 packets, 61769 bytes)
 pkts bytes target prot opt in out source destination
   43 2580 DNAT tcp -- gre1 any anywhere anywhere tcp dpt:www to:192.168.1.2:3128

Do you see anything wrong with the above?

I'm starting to think that something is wrong with linux's gre WCCP
decapsulation. That's why I keep asking if anyone actually has
this working on my kernel and my squid. But I guess, judging from
the silence, that nobody has it working yet.

Is there a better alternative to WCCP? I'm particularly interested
in the fail-over feature. I'd hate for my user's internet access
to go down just because my squid server rebooted.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net
Received on Thu Feb 24 2005 - 18:14:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST