On Mon, 2003-09-22 at 07:22, boka wrote:
> Hi !
>
> - required options to iptables:
> PREROUTING -s 10.10.32.61 -i eth0 -p tcp -m tcp --dport 80 -j MARK
> --set-mark 0x2
> - table to rt_tables:
> echo 202 www.out >> /etc/iproute2/rt_tables
> - ip rule command:
> ip rule add fwmark 2 table www.out
> - ip route command (squid machine is in a different network than router)
> ip route add default via 10.10.21.2 via 10.10.20.1 dev eth0 table www.out
This looks suspect - two via' statements?
Secondly, if squid is not on the LAN attached to this router, you will
need to perform similar ip route commands on the next router, otherwise
it will route the traffic out via it's default route, (remember the
destiation address is still for the internet, not for the squid
address).
Rob
-- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:59 MST