How can I configure squid with acl based source port ranges for the
requests squid makes to origin servers?
Squid has the feature "tcp_outgoing_address" for selecting source IP for
outgoing packets to servers and other caches.
System is linux.
I would like something like the following:
acl net1 src 1.2.3.0/24
acl net2 dst 2.3.4.0/24
... etc
# using same notation as delay pool restore/max value
tcp_outgoing_ports 10000/10999 allow net1
tcp_outgoing_ports 11000/11999 allow net2
On linux /proc/sys/net/ipv4/ip_local_port_range defines the range of
source ports automatically assigned to a tcp/udp packet if source port
is not specifically defined by the application.
I want squid to use, for connection it makes to servers and other
caches, ports in user-defined ranges, on acl rules.
Reason for this is the following:
- squid is behind a firewall
- firewall is on another machine.
- firewall uses multiple ISPs and does policy routing and traffic
control.
I have a squid proxy that serves some clients behind it and it can
connect to the internet only through the firewall described above.
I have 1 ip on squid and I can't touch it.
I have to make a clear differentiation that is distinguishable at packet
level by netfilter between different types of traffic handled by squid.
Since rules include both destination networks and source networks
(behind squid) and some url_regex (mainly cgi stuff), the above
workaround is the only solution I could come up with that will make
traffic generated by squid distinguishable to ipchains/iptables/tc
filter...
Any suggestions are welcome.
Thank you.
-- Choose not to choose! Let Micro$oft do it for you! Or... the Penguin shall set you free... ------ Andrix E-mail: mailto:andrix@fx.ro Web : http://members.tripod.com/andrei_bReceived on Mon Dec 16 2002 - 09:28:13 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:06 MST