----- "Amos Jeffries" <squid3_at_treenet.co.nz> wrote:
>
> Um, ACK means *something* accepted the connection and responded to the
>
> client box. All things working that should have been Squid.
This is the part the puzzles me. I'm not sure what is accepting it, if not squid.
> The usual source of this behaviour is admin overlooking the fact that
> the
>
> Squid box in these setups is a router (which *happens* to only route
> port
>
> 80 traffic passed in by the WCCP, but still routing). It requires
> packet
>
> forwarding to be working and rp_filter to be disabled.
>
>
>
> By "I enable proxy to 72.2.0.4:80" do you mean configuring the
> browser to
>
> use a proxy at 72.2.0.4:80 ?
>
> Or that you configure Squid to listen on 72.2.0.4:80 ?
I change the browser to use proxy, and it works fine. No changes made on the squid box.
I have been advised to get a tcpdump from the client, which I will do next. I will look into rp_filter setting also.
===
Sorry, that last reply was meant for the list. I checked into the rp_filter setting:
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.gre0.rp_filter = 0
net.ipv4.conf.gre0.arp_filter = 0
Also, the tcpdump from the client shows nothing coming back to it, just the outgoing SYN.
Regards,
Shawn Wright
I.T. Manager, Shawnigan Lake School
http://www.shawnigan.ca
Received on Thu Aug 26 2010 - 16:26:52 MDT
This archive was generated by hypermail 2.2.0 : Thu Aug 26 2010 - 12:00:02 MDT