-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nick Ellson wrote:
> I think I have followed the bunny trail pretty far here and I wold love
> some advice on how to debug this further. How can I see between the
> redirect packet landing on eth0 from the wccp0 tunnel to why iptables
> never gets it to squid?
>
> iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> ACCEPT 0 -- anywhere 10.0.2.0/24
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:http redir ports 3128
> ACCEPT 0 -- anywhere 10.0.0.0/24
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:http redir ports 3128
I think the PREROUTING destination is not 10.0.2.0/24 or 10.0.0.0/24.
PREROUTING would see the decapsulated packet, so it would see the real
destination.
My iptables are
iptables -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j REDIRECT \
--to-ports 3128
iptables -A PREROUTING -i wccp1 -p tcp -m tcp --dport 8000 -j REDIRECT \
--to-ports 3128
iptables -A PREROUTING -i wccp1 -p tcp -m tcp --dport 8080 -j REDIRECT \
--to-ports 3128
>
> ip addr show wccp0
> 4: wccp0@eth0: <POINTOPOINT,NOARP,UP,10000> mtu 1476 qdisc noqueue
> link/gre 10.0.0.20 peer 222.222.222.222
> inet 10.0.0.20/32 scope global wccp0
>
> Nick
>
>
>
- --
A: Because it destroys the flow of conversation.
Q: Why is top posting dumb?
- --
Juan Nicolás Ruiz | Corporación Parque Tecnológico de Mérida
| Centro de Cálculo Cientifico ULA
nicolas@ula.ve | Avenida 4, Edif. Gral Masini, Ofic. B-32
+58-(0)274-252-4192 | Mérida - Edo. Mérida. Venezuela
PGP Key fingerprint = CDA7 9892 50F7 22F8 E379 08DA 9A3B 194B D641 C6FF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD4DBQFGT6dhmjsZS9ZBxv8RAtQUAJdMrKVyw1rUozLJqlO5lMGoRPrrAJ9CXcYL
5HbNeNAxzk7pqXVgOmrpUA==
=1ox6
-----END PGP SIGNATURE-----
Received on Sat May 19 2007 - 19:44:18 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT