Re: [squid-users] Transparent caching problem

From: Kamel A. Baba <kamelbaba@dont-contact.us>
Date: Wed, 15 Mar 2006 09:22:43 -0800 (PST)

Daniel,

Thanks for your help.
I tried what you suggested. However, I am getting the
same results as before. The traffic is actually being
redirected to DG/squid and being decapsulated but
still DG cannot see the traffic.
I did a tcpdump while trying to access dell.com
(143.166.224.178) and here's the relevant output:
19:13:44.550149 IP 80.246.48.1 > 80.246.48.50:
gre-proto-0x883e
19:13:44.550149 IP 192.168.0.11.4697 >
143.166.224.178.http: S 1864689626:1864689626(0) win
16384 <mss 1460,nop,nop,sackOK>
19:13:47.436237 IP 80.246.48.1 > 80.246.48.50:
gre-proto-0x883e
19:13:47.436237 IP 192.168.0.11.4697 >
143.166.224.178.http: S 1864689626:1864689626(0) win
16384 <mss 1460,nop,nop,sackOK>

80.246.48.1: router
80.246.48.50: DG/squid
192.168.0.11: my laptop
143.166.224.178: dell.com

I really need to fix this ASAP and your help is much
appreciated.

Thanks,
Kamel

Thanks for your

--- Daniel EPEE LEA <epeelea@gmail.com> wrote:

> Kamel,
>
> I used
>
> 1- For gre tunned, after loading ip_gre module at
> startup, I have
> this gre interface.
> You can copie it exactly the IP address in there
> doesn't matter.
>
> [root@cachedla network-scripts]# cat ifcfg-gre0
> DEVICE=gre0
> BOOTPROTO=static
> IPADDR=172.16.1.6
> NETMASK=255.255.255.252
> ONBOOT=yes
> IPV6INIT=no
>
> and
>
> 2- for ip tables
> -A PREROUTING -s My_Network/20 -d ! My_Network/20
> -i gre0 -p tcp -m
> tcp --dport 80 -j DNAT --to-destination
> my_cache_server_IP:3128
>
> This is where I was mistaken, after doing this it
> worked!!
>
> 3- Make sure your /etc/sysctl.conf is allright too
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 0
>
> For more details on IP tables and GRE, please check
> these links ;)
> http://www.reub.net/node/3
>
>
http://www.squid-cache.org/mail-archive/squid-users/200510/0027.html
>
>
> Hope this helps,
>
> --
> --------------------------
> Daniel Epee Lea
>
Received on Wed Mar 15 2006 - 10:22:50 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST