Re: [squid-users] 3 ISPs: Routing problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 May 2009 17:08:21 +1200

RSCL Mumbai wrote:
> On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pangj_at_arcor.de> wrote:
>> RSCL Mumbai:
>>
>>> What I would like to configure is to set up "specific G/ws for
>>> specific clients".
>>>
>>> 192.168.1.100 to use G/w 192.168.1.1
>>> 192.168.1.101 to use G/w 192.168.1.1
>>> 192.168.1.102 to use G/w 192.168.1.2
>>> 192.168.1.103 to use G/w 192.168.1.2
>>> 192.168.1.104 to use G/w 192.168.1.2
>>> 192.168.1.105 to use G/w 192.168.1.3
>>> 192.168.1.106 to use G/w 192.168.1.3
>>>
>
>
>
> I just found out that squid is removing the marking on the packet:
> This is what I am doing:
>
> (1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
> (mark1 corresponds to isp1)
> (2) I added a route rule which says that all packets having mark 1
> will be routed through ISP 1
>
> But the packets are not routing via ISP1
>
> When I disable squid redirection rule in IPTables (port 80 redirection
> to 3128 squid), the markings are maintained and packets route via
> ISP1.
>
> Now the big question is why is squid removing the marking ??

Because the packets STOP at their destination software.
Normally the destination is a web server. When you NAT (redirect) a
packet to Squid it STOPS there and gets read by Squid instead of passing
on to the web server.

IF Squid needs to fetch the HTTP object requested from the network a
brand new TCP connection will be created only from Squid to the web server.

> And how can this be prevented ??

By not intercepting packets. As you already noticed.

Squid offers alternatives, tcp_outgoing_address has already been
mentioned. tcp_outgoing_tos is an alternative that allows you to mark
packets leaving Squid.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7
Received on Fri May 15 2009 - 05:08:28 MDT
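
An added example, not part of the original message or of the Squid project's documentation: a squid.conf fragment that applies the tcp_outgoing_address approach mentioned above to the client-to-gateway list from the question. The ACL names, the three local addresses 192.168.1.11-13 on the Squid host, and the routing table numbers 101-103 are assumptions made for illustration.

```conf
# squid.conf fragment (added example; names and local addresses are assumptions)

# Group the clients from the question by the gateway each should use.
# With interception the src ACL still sees the original client address.
acl via_gw1 src 192.168.1.100 192.168.1.101
acl via_gw2 src 192.168.1.102 192.168.1.103 192.168.1.104
acl via_gw3 src 192.168.1.105 192.168.1.106

# Squid opens a brand new connection to the web server, so any mark on the
# client's packets is gone. Choose the source address of the new connection
# per client group instead. 192.168.1.11-13 are assumed to be configured on
# the Squid host already.
tcp_outgoing_address 192.168.1.11 via_gw1
tcp_outgoing_address 192.168.1.12 via_gw2
tcp_outgoing_address 192.168.1.13 via_gw3

# Matching policy routing on the Squid host (Linux iproute2 commands, run as
# root in a shell, not placed in squid.conf). Each source address gets its
# own routing table whose default route is the wanted gateway:
#   ip rule  add from 192.168.1.11 table 101
#   ip route add default via 192.168.1.1 table 101
#   ip rule  add from 192.168.1.12 table 102
#   ip route add default via 192.168.1.2 table 102
#   ip rule  add from 192.168.1.13 table 103
#   ip route add default via 192.168.1.3 table 103

# Alternative using tcp_outgoing_tos: set a TOS value on packets leaving
# Squid, then turn that TOS into a firewall mark for an fwmark routing rule.
# The value 0x20 and mark 1 are constructed for this example.
#   tcp_outgoing_tos 0x20 via_gw1
#   iptables -t mangle -A OUTPUT -m tos --tos 0x20 -j MARK --set-mark 1
#   ip rule add fwmark 1 table 101
```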