[squid-users] Proper use of the tcp_outgoing_address tag on a multi homed OpenBSD 3.1 host

From: Sam Stern <samstern@dont-contact.us>
Date: Sat, 04 Jan 2003 01:05:39 -0500

Hi All,

I have Squid running on an OpenBSD 3.1 system (compiled from the source
squid-2.5.STABLE1-20030102.tar.gz). The system is a gateway server
connected internally via a 192.168/16 subnet and externally via a single
port with 5 IPs (there is quite a story there that is not topical to
this forum). The system has a default route set to the main IP of the
external interface. The NAT rules map bidirectionally certain internal
fixed IPs to an external fixed IP while the DHCP group shares an IP. This
is working as expected.

Squid's current deployment is to act as a proxy server for those IPs
that I do not want direct connection to the Internet for but do want to
be able to browse the web. I set up Squid and it's working as intended
(no caching, just proxying) except for one matter.

I had used the tcp_outgoing_address tag to emulate the NAT arrangement
(certain internal clients need a fixed IP to reach certain sites).
However, this is not working as expected. All Squid traffic seems to be
routed via the external interface using the primary IP.

Here is an example tag line:

acl external_2 src 1.1.1.2/255.255.255.255
tcp_outgoing_address 192.168.0.60 external_2

This line SHOULD render external traffic from 192.168.0.60 as 1.1.1.2
(which is one of my aliased IP addresses) but instead the external
traffic exits Squid as occurring on the primary interface IP 1.1.1.1.
However, if I just use straight NAT the traffic exits the gateway as
1.1.1.2 (per expectations).

Here is the compilation line I used:

>cat squid.sh | par
#!/bin/sh ./configure --prefix=/usr/local/squid --enable-stacktraces
--disable-ident-lookups --enable-ssl --enable-htcp --enable-referer-log
--enable-pf-transparent --enable-useragent-log --with-dl
--enable-gnuregex

Currently I am not using PF redirection nor have I joined any cache
groups (in fact ICP and HTCP are disabled via the proper tag) until I
iron this matter out. Can anyone give me a hand with properly
configuring Squid to make use of my other IPs?

Please let me know if sending the entire configuration file would help
troubleshoot this matter.

TIA

Sam Stern
Glen Burnie, MD, USA
Received on Fri Jan 03 2003 - 23:05:55 MST
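
Added example, not part of the original post: in squid.conf the directive is written "tcp_outgoing_address ipaddr [[!]aclname] ...", where ipaddr is the local address Squid binds for the outgoing connection and a src ACL is tested against the client's address, so the sketch below checks a config for the two roles being swapped. The names client_60, parse and lint, and the use of 1.1.1.1 and 1.1.1.2 (the external addresses named in the post) as the egress list, are assumptions for illustration.

```python
import ipaddress

# Constructed sample: the two lines from the post, followed by the same
# mapping with ACL = client source and address = egress IP on the proxy host.
SAMPLE_CONF = """\
acl external_2 src 1.1.1.2/255.255.255.255
tcp_outgoing_address 192.168.0.60 external_2
acl client_60 src 192.168.0.60/255.255.255.255
tcp_outgoing_address 1.1.1.2 client_60
"""

def parse(conf):
    """Return ({acl_name: [src networks]}, [(lineno, address, [acl names])])."""
    acls, outgoing = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            for spec in tok[3:]:
                try:
                    net = ipaddress.ip_network(spec, strict=False)
                except ValueError:
                    continue  # address ranges and file includes are out of scope
                acls.setdefault(tok[1], []).append(net)
        elif len(tok) >= 2 and tok[0] == "tcp_outgoing_address":
            names = [a for a in tok[2:] if not a.startswith("!")]
            outgoing.append((lineno, ipaddress.ip_address(tok[1]), names))
    return acls, outgoing

def lint(conf, egress_addrs):
    """Flag tcp_outgoing_address lines whose address/ACL roles look swapped."""
    egress = {ipaddress.ip_address(a) for a in egress_addrs}
    acls, outgoing = parse(conf)
    findings = []
    for lineno, addr, names in outgoing:
        if addr not in egress:
            findings.append((lineno, f"{addr} is not an egress address on this host"))
        for name in names:
            if any(a in net for net in acls.get(name, []) for a in egress):
                findings.append((lineno, f"acl {name} matches the proxy's own address"))
    return findings
```

Calling lint(SAMPLE_CONF, ["1.1.1.1", "1.1.1.2"]) reports both problems on line 2 and nothing for line 4.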
