On 25/09/2013 1:02 a.m., Jordan Dalley wrote:
> I managed to get it to work by configuring the same on the linux box within the same datacentre. This linux box is still on a different subnet that the router being configured. The other linux box was in a remote datacentre attached to the same internal WAN. Not sure why it doesn't work from the remote site but I guess I can live with this.
Ah, yes.
You see GRE is only used for the router->Squid leg of the
client->router->Squid->Internet->Squid->client journey, and possibly
only for the WCCP info packets rather than the HTTP transaction packets.
Regular old routing is used to send the packets from Squid back to the
client machine. Unless you are very careful and pedantic with the
topology you can easily end up with triangular route issues.
Other potential sources of confusion is that:
* ifconfig is a well-known liar (use "ip" tool as in "ip route ..." for
the real un-alised interface details)
* tcpdump operates almost at the bare metal so there is likely a gre0
tunnel un-wrapping done between the capture point and the NAT rules -
making the -i interface not match properly sometimes (kernel version
dependent).
Amos
Received on Tue Sep 24 2013 - 14:37:00 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 24 2013 - 12:00:04 MDT