Hello Amos,
Thanks for the prompt reply.
The only NAT I have in place is on the router and squid box. On the
router I have
ip nat inside source list 1 interface FastEthernet0/1 overload
and on the squid box I have,
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination <SQUID_PUBLIC_IP>:3128
Much as the client request gets to the squid box, nothing is written
to squid's access.log. I receive connection timeouts
when I try surfing on one of the client machines.
Using squid 3.1.12 on Slackware 13.1.
> You seem to mistake how WCCP works. It is a tunnel, where the HTTP packets
> entering the Cisco router get sent *unchanged* to the Squid box for
> handling. Exactly as if you had plugged the Squid box in as a second router
> or bridge between the Cisco and clients.
>
> Don't worry about it. The global connections will go back to the Cisco
> with the Squid box IP and then go through whatever border NAT you have in
> place. The private client IP will never touch the global Internet directly.
>
> As it stands you can track the internal LAN PC behaviour directly from the
> Squid logs without having to record and look up NAT conversions after the
> fact.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.12
> Beta testers wanted for 3.2.0.7 and 3.1.12.1
>
Received on Mon May 23 2011 - 06:39:53 MDT
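
The tunnel behaviour Amos describes, as an added example that is not part of the original thread: Python that decapsulates one constructed WCCPv2 GRE frame and shows the inner packet still carries the private client address and the origin server's port 80, which is what the PREROUTING rules on wccp0 then have to steer to 3128. It assumes GRE forwarding (suggested by the wccp0 interface); all addresses, ports and function names are constructed for illustration.

```python
import socket
import struct

WCCP_GRE_PROTO = 0x883E  # GRE protocol type used for WCCP redirection

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, proto, payload) for an IPv4 packet."""
    ihl = (buf[0] & 0x0F) * 4
    if buf[0] >> 4 != 4 or len(buf) < ihl:
        raise ValueError("not a complete IPv4 packet")
    src, dst = socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20])
    return src, dst, buf[9], buf[ihl:]

def decapsulate_wccp(frame, wccp_v2=True):
    """Strip outer IP + GRE (+ WCCPv2 redirect header); describe the inner packet."""
    router, proxy, proto, gre = parse_ipv4(frame)
    if proto != 47:
        raise ValueError("outer packet is not GRE")
    flags, gre_proto = struct.unpack("!HH", gre[:4])
    if gre_proto != WCCP_GRE_PROTO:
        raise ValueError("GRE payload is not WCCP")
    offset = 4
    # Optional GRE fields: checksum (C), key (K), sequence (S), 4 bytes each.
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            offset += 4
    if wccp_v2:
        offset += 4  # WCCPv2 places a 4-byte redirect header before the inner packet
    client, origin, _, l4 = parse_ipv4(gre[offset:])
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"router": router, "proxy": proxy, "client": client,
            "origin": origin, "sport": sport, "dport": dport}

def sample_frame():
    """Constructed frame: LAN client SYN to an origin server, redirected by the router."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
    inner = ipv4_header("192.168.1.50", "203.0.113.10", 6, len(tcp)) + tcp
    gre = struct.pack("!HH", 0, WCCP_GRE_PROTO) + bytes(4)  # GRE + redirect header
    return ipv4_header("198.51.100.1", "198.51.100.2", 47,
                       len(gre) + len(inner)) + gre + inner

if __name__ == "__main__":
    print(decapsulate_wccp(sample_frame()))
```
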