Hi Alex,
Still cannot work :(
Right now you use wccp too ?
My i know what os and distro that you use ?
regards
ketua_at_kampung
Alex Montoanelli wrote:
> Setting your squid to:
>
> http_port 110.92,64,3:1328
>
> I assume that your wccp tun ins wccp0, then use this rule:
>
> iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j DNAT
> --to-destination 110.92.64.3:3128
>
> Then apply this rule in your sysctl:
>
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.all.forwarding = 1
> net.core.somaxconn = 2048
> net.ipv4.tcp_low_latency = 1
> net.ipv4.ip_local_port_range = 1024 65000
>
>
> Regards
> Alex
>
>
> On Tue, Jun 9, 2009 at 12:00 AM, ketua kampung<ketua_at_kampung.web.id> wrote:
>> Hi Alex,
>>
>> iptables dnat is working. but the squid still cannot accept the packet.
>>
>> root_at_box:~# iptables -t nat -vnL
>> Chain PREROUTING (policy ACCEPT 3089 packets, 256K bytes)
>> pkts bytes target prot opt in out source destination
>> 14 840 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
>> tcp dpt:80 to:110.92.64.3:3128
>>
>> i can see packet if i tcpdump to interface wccp, but when i tcpdump to port
>> 3128 i don't see any traffic.
>>
>> regards
>>
>> ketua_at_kampung
>>
>>
>>
>> Alex Montoanelli wrote:
>>> Hello Ketua,
>>>
>>> You can't use REDIRECT target of iptables.
>>>
>>> You need use DNAT --to-destination: IP_OF_ETHERNET:3128
>>>
>>> If you redirect to localhost, the packets are silent droped.
>>>
>>> Regards
Received on Wed Jun 10 2009 - 23:46:48 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 11 2009 - 12:00:03 MDT