FreeBSD 6.x / GRE / WCCP / Squid

Alan Garfield alan at fromorbit.com
Tue Dec 6 20:07:17 PST 2005


On Wed, 2005-12-07 at 08:32 +1100, Alan Garfield wrote:

> > I mean setting up the host explicitly to use the proxy? I don't
> > remember precisely, I did it long ago, but I think you should use
> > wccp version 2 in order to run wccp with squid.
> 
> I've not tried version 2, but I will try it now.

Okay, Squid doesn't support WCCP version 2. So I decided to try to use a
route-map redirector to see if it was something else causing the issue.

Now I have tried two ways and I'm seeing the exact same problem.
Firstly I tried :-

kern conf
---------

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD

ipfw conf
---------

ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80


I see the packets hitting fxp0 correctly and I see the forward rules,
but nothing appears in tcpdump for lo0 nor does squid see anything
either.

So secondly I tried to use IP Filter instead. I removed all the
IPFIREWALL stuff from the kernel and I set up ipf as follows :-

ipnat.rules
----------

rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp


Now I can see the transactions when I do 'ipnat -s' but still nothing
appears on the lo0. I have ip forwarding turned on and the machine is
acting as a gateway.

The only thing I can think of is the packets are from a private IP range
and the proxy server is in a routable IP range in my DMZ. But if that
were a problem why do I see the packets hitting the forwarding rules
but never coming out the other side?

Any help would be appreciated.

Thanks,
Alan.





