Re: [squid-users] WCCP2 L2 redirect with Squid transparent

From: Shawn Wright <swright_at_shawnigan.ca>
Date: Thu, 26 Aug 2010 09:26:43 -0700 (PDT)

----- "Amos Jeffries" <squid3_at_treenet.co.nz> wrote:

>
> Um, ACK means *something* accepted the connection and responded to the
>
> client box. All things working that should have been Squid.

This is the part the puzzles me. I'm not sure what is accepting it, if not squid.

> The usual source of this behaviour is admin overlooking the fact that
> the
>
> Squid box in these setups is a router (which *happens* to only route
> port
>
> 80 traffic passed in by the WCCP, but still routing). It requires
> packet
>
> forwarding to be working and rp_filter to be disabled.
>
>
>
> By "I enable proxy to 72.2.0.4:80" do you mean configuring the
> browser to
>
> use a proxy at 72.2.0.4:80 ?
>
> Or that you configure Squid to listen on 72.2.0.4:80 ?

I change the browser to use proxy, and it works fine. No changes made on the squid box.

I have been advised to get a tcpdump from the client, which I will do next. I will look into rp_filter setting also.

===

Sorry, that last reply was meant for the list. I checked into the rp_filter setting:

net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.gre0.rp_filter = 0
net.ipv4.conf.gre0.arp_filter = 0

Also, the tcpdump from the client shows nothing coming back to it, just the outgoing SYN.

Regards,

Shawn Wright
I.T. Manager, Shawnigan Lake School
http://www.shawnigan.ca
Received on Thu Aug 26 2010 - 16:26:52 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 26 2010 - 12:00:02 MDT