Re: [squid-users] routing OR different IP address

From: Edward <edward@dont-contact.us>
Date: Sun, 6 May 2001 12:47:59 -0400

Great!

OK, my cache has two IPs from different subnets.

I have a policy route to the cache on one IP address.

e.g.
access-list 110 deny tcp any any neq www
access-list 110 deny tcp host 200.50.68.7 any
access-list 110 permit tcp any any
access-list 110 deny tcp any any
access-list 120 deny tcp any any neq ftp
access-list 120 deny tcp host 200.50.68.7 any
access-list 120 permit tcp any any
access-list 120 deny tcp any any
route-map cache permit 110
 match ip address 110
 set ip next-hop 200.50.68.7
!
route-map cache permit 120
 match ip address 120
 set ip next-hop 200.50.68.7

The other IP is 64.110.11.2.

As you can see here, the Cisco is only sending to 200.50.68.7.

What I believe here, after sending you that email, is that 64.110.11.2 is not getting past the router's faste0/0 interface.

If that is the case then I will have to add

        access-list 110 deny tcp host 64.110.11.2 any

to the access-list.

What do you think Henrik?

Please have a nice Sunday.

> > Now if possible routing is setup in the cisco to route to one of the
> > subnet containing the caching server, say 1.1.0.4. What will happen to
> > the other subnet when squid use that outgoing address from that
> > subnet?
>
> Sorry, I do not understand your question. Can you please outline it in
> more details?
>
> Routing is routing between things, you cannot route to a subnet.
>
> > Would it keep on getting bounce back?
> > cisco-to-cache cache-to-cisco and so forth
>
> If you are doing "transparent" redirection of port 80 to the cache then
> you must make sure that any of the IP's the cache may use for outgoing
> connections is not redirected back on the cache.
>
> --
> Henrik Nordstrom
> Squid Hacker
>

Thank you very much.

Best regards,
 
Edward Millington
(Network Administrator & Senior Technical Support Technician)
Cariaccess Communications Ltd.
Wildey
St. Michael
Barbados
1-246-430-7435
Fax : 1-246-431-0170
www.cariaccess.com

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Edward" <edward@cariaccess.com>
Cc: "squid" <squid-users@squid-cache.org>
Sent: Sunday, May 06, 2001 11:56 AM
Subject: Re: [squid-users] routing OR different IP address

> Edward wrote:
>
> > I am using acl_map2_outgoing to have squid use a particular IP for
> > each subnet. Remember that the subnets are setup on the router
> > (cisco) (Do I need two NICs???)
>
> You should almost never connect two NICs to the same lan segment
> (physical, not logical subnet.. there may be any number of subnets on
> one lan segment). If your router has two networks on the same interface,
> then you should do the same on the host by using ip aliases on the NIC.
>
> > When not used (acl_map2_outgoing), the machine will use its ip
> > address!???
>
> When you are not using acl_map2_outgoing or tcp_outgoing_address then
> your OS selects the IP of the interface your routing table routes the
> traffic via on the first packet of the TCP connection.
>
> > Now when used, what is the difference in operations?
>
> The idea is that when you use acl_map2_outgoing Squid should explicitly
> select different IP's depending on your acl_map2_outgoing settings,
> overriding the automatic IP selection done by the OS.
>
> To be able to do this the IP used in acl_map2_outgoing (or
> tcp_outgoing_address if only using one IP) must be an existing IP on the
> host where Squid runs.
>
> > When such a reply is made, does information come back to the
> > "outgoing ip?" "Yes it does"!!!???
>
> TCP always sends replies back to the source IP of the TCP connection. It
> would not work otherwise. How the packets get routed TCP does not care
> about, it is a matter of routing tables.
>
> > Good, with that in mind, what would the setup be on the NIC, routing
> > and so on?
>
> If your router has two networks on the same interface then one nic with
> two networks assigned to it (one main, one alias), just as you do on the
> router.
>
> If the router is using different interfaces for each subnet, then you
> should need two NICs to connect the host to the two LAN segments.
>
> Routing should be set up to default-route to your router on any of the
> two IP's. Which of the two router IP's you default route to depends on
> how you want your OS to automatically assign IP's on connections where
> the application has not requested a specific source IP.
>
> > Now if possible routing is setup in the cisco to route to one of the
> > subnet containing the caching server, say 1.1.0.4. What will happen to
> > the other subnet when squid use that outgoing address from that
> > subnet?
>
> Sorry, I do not understand your question. Can you please outline it in
> more details?
>
> Routing is routing between things, you cannot route to a subnet.
>
> > Would it keep on getting bounce back?
> > cisco-to-cache cache-to-cisco and so forth
>
> If you are doing "transparent" redirection of port 80 to the cache then
> you must make sure that any of the IP's the cache may use for outgoing
> connections is not redirected back on the cache.
>
> --
> Henrik Nordstrom
> Squid Hacker
>
Received on Sun May 06 2001 - 10:47:04 MDT
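
Added example (not part of the original messages): a small Python check of the point made in this thread, that every IP the cache may use for outgoing connections must be excluded from the policy-route ACL, or its port 80 traffic is redirected back to the cache. It evaluates ACL 110 as posted with first-match semantics and supports only the forms used in the thread (any, host, eq/neq on the destination port); the function names and the destination address 192.0.2.80 are assumptions of this example.

```python
# Added example: first-match evaluation of the extended ACL posted in the thread.
# Handles only the forms used there: "any", "host <ip>", eq/neq on the dst port.
PORTS = {"www": 80, "ftp": 21}
CACHE_IPS = ["200.50.68.7", "64.110.11.2"]   # the cache's two addresses (from the thread)
PROPOSED = "access-list 110 deny tcp host 64.110.11.2 any"
ACL_110 = [
    "access-list 110 deny tcp any any neq www",
    "access-list 110 deny tcp host 200.50.68.7 any",
    "access-list 110 permit tcp any any",
    "access-list 110 deny tcp any any",
]

def parse_addr(tokens):
    """Consume 'any' or 'host <ip>'; return the IP to match, or None for any."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0)
    raise ValueError("unsupported address form: " + word)

def parse_rule(line):
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "tcp":
        raise ValueError("unsupported line: " + line)
    action, rest = tokens[2], tokens[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    op, port = (rest[0], PORTS.get(rest[1]) or int(rest[1])) if rest else (None, None)
    return action, src, dst, op, port

def is_redirected(acl_lines, src_ip, dst_ip, dst_port):
    """True if the first matching entry is a permit (route-map sets next-hop)."""
    for action, src, dst, op, port in map(parse_rule, acl_lines):
        if src not in (None, src_ip) or dst not in (None, dst_ip):
            continue
        if (op == "eq" and dst_port != port) or (op == "neq" and dst_port == port):
            continue
        return action == "permit"
    return False  # implicit deny at the end of every ACL

def looping_ips(acl_lines, cache_ips, dst_ip="192.0.2.80", dst_port=80):
    """Cache source IPs whose outgoing traffic would be sent back to the cache."""
    return [ip for ip in cache_ips if is_redirected(acl_lines, ip, dst_ip, dst_port)]

if __name__ == "__main__":
    above = ACL_110[:2] + [PROPOSED] + ACL_110[2:]   # deny placed above the permit
    print("as posted:        ", looping_ips(ACL_110, CACHE_IPS))
    print("deny above permit:", looping_ips(above, CACHE_IPS))
    print("deny below permit:", looping_ips(ACL_110 + [PROPOSED], CACHE_IPS))
```

Because the ACL is evaluated first-match, the extra deny entry only takes effect when it sits above the "permit tcp any any" line.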
