Re: [squid-users] Selecting source port on squid's requests

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 17 Dec 2002 21:43:01 +0100

Andrei Boros wrote:
>
> How can I configure squid with acl based source port ranges for the
> requests squid makes to origin servers?

By first having someone implement the feature for you. Today Squid fully
relies on the OS to assign suitable ports when making the connection.

> Reason for this is the following:
> - squid is behind a firewall
> - firewall is on another machine.
> - firewall uses multiple ISPs and does policy routing and traffic
> control.

In which case you almost certainly use different IP addresses at least
after the firewall, in which case tcp_outgoing_address can do the job
very nicely.

You should also be able to use ToS for the job. Does not require
multiple IP addresses on the proxy.

My general recommendation is to try to lift the single IP address
restriction. As you already are using NAT in the firewall, having
additional internal IP addresses for the proxy should not be an issue,
and for users not using NAT having additional IP addresses on the proxy
is a requirement to be able to divide the traffic among multiple ISPs.

Regards
Henrik
Received on Tue Dec 17 2002 - 14:42:29 MST
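
A squid.conf sketch of the two approaches named in the reply above, tcp_outgoing_address and ToS marking. It is an added example, not part of the original message; the ACL names, client subnets, proxy addresses and ToS values are constructed placeholders, and the firewall is assumed to do its policy routing on the source address or ToS field it sees.

```conf
# Constructed client groups; replace with the real internal subnets.
acl lan_a src 10.0.1.0/24
acl lan_b src 10.0.2.0/24

# Approach 1: additional internal addresses on the proxy host.
# Each address must already be configured on the proxy's interface.
# The firewall policy-routes (and NATs) by source address:
#   10.0.0.11 -> ISP A, 10.0.0.12 -> ISP B.
tcp_outgoing_address 10.0.0.11 lan_a
tcp_outgoing_address 10.0.0.12 lan_b
# A line with no ACL is the fallback for requests matching neither group.
tcp_outgoing_address 10.0.0.10

# Approach 2: single proxy address, traffic class carried in the ToS field.
# The firewall matches on the ToS value instead of the source address.
tcp_outgoing_tos 0x20 lan_a
tcp_outgoing_tos 0x40 lan_b
```

Use one approach or the other, and keep the firewall rules restricted to the proxy's addresses so other internal hosts cannot pick an ISP by setting the same source address or ToS value.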
