Re: [squid-users] 3 ISPs: Routing problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 17 May 2009 18:07:11 +1200

RSCL Mumbai wrote:
> On Fri, May 15, 2009 at 10:38 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> RSCL Mumbai wrote:
>>> On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pangj_at_arcor.de> wrote:
>>>> RSCL Mumbai:
>>>>
>>>>> What I would like to configure is a setup of "specific G/ws for specific
>>>>> clients".
>>>>>
>>>>> 192.168.1.100 to use G/w 192.168.1.1
>>>>> 192.168.1.101 to use G/w 192.168.1.1
>>>>> 192.168.1.102 to use G/w 192.168.1.2
>>>>> 192.168.1.103 to use G/w 192.168.1.2
>>>>> 192.168.1.104 to use G/w 192.168.1.2
>>>>> 192.168.1.105 to use G/w 192.168.1.3
>>>>> 192.168.1.106 to use G/w 192.168.1.3
>>>>>
>>>
>>>
>>> I just found out that squid is removing the marking on the packet:
>>> This is what I am doing:
>>>
>>> (1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
>>> (mark1 corresponds to isp1)
>>> (2) I added a route rule which says that all packets having mark 1
>>> will be routed through ISP 1
>>>
>>> But the packets are not routing via ISP1
>>>
>>> When I disable squid redirection rule in IPTables (port 80 redirection
>>> to 3128 squid), the markings are maintained and packets route via
>>> ISP1.
>>>
>>> Now the big question is why is squid removing the marking ??
>> Because the packets STOP at their destination software.
>> Normally the destination is a web server. When you NAT (redirect) a packet
>> to Squid it STOPS there and gets read by Squid instead of passing on to the
>> web server.
>>
>> IF Squid needs to fetch the HTTP object requested from the network a brand
>> new TCP connection will be created only from Squid to the web server.
>>
>>> And how can this be prevented ??
>> By not intercepting packets. As you already noticed.
>>
>>
>> Squid offers alternatives, tcp_outgoing_address has already been mentioned.
>> tcp_outgoing_tos is an alternative that allows you to mark packets leaving
>> Squid.
>
> I tried "tcp_outgoing_address" by adding the following to squid.conf
>
> acl ip1 myip 10.0.0.120
> acl ip2 myip 10.0.0.121
> acl ip3 myip 10.0.0.122
> tcp_outgoing_address 10.0.0.120 ip1
> tcp_outgoing_address 10.0.0.121 ip2
> tcp_outgoing_address 10.0.0.122 ip3
>
> Restarted squid, but no help.
>
> Pls help how I can get the route rules to work.
>
> Simple requirement:
> If packets come from src=10.0.0.120, forward it via ISP-1
> If packets come from src=10.0.0.121, forward it via ISP-2
> If packets come from src=10.0.0.122, forward it via ISP-3
> And so forth.
>
> Thx in advance.
> Vai

To prevent the first (default) one being used you may need to do:

  tcp_outgoing_address 10.0.0.120 ip1 !ip2 !ip3
  tcp_outgoing_address 10.0.0.121 ip2 !ip1 !ip3
  tcp_outgoing_address 10.0.0.122 ip3 !ip1 !ip2

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7
Received on Sun May 17 2009 - 06:07:21 MDT
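
Added example, not part of the original thread and not the Squid project's own configuration: one way to combine tcp_outgoing_address with source-based routing for the "simple requirement" quoted above. It assumes selection on the client source address (acl type src); the addresses 10.0.0.201-203 on the Squid host, the table numbers 101-103 and the ISPn_GATEWAY names are constructed placeholders.

```conf
# squid.conf fragment (added example; addresses below are assumptions).
#
# Interception ends the client's TCP connection at Squid, so a packet mark
# set on the client's packets never reaches the connection Squid opens to
# the web server. The per-client decision therefore has to be made inside
# Squid, and the kernel then routes on the source address Squid picked.

# Clients from the thread, matched on their source address.
acl client1 src 10.0.0.120
acl client2 src 10.0.0.121
acl client3 src 10.0.0.122

# Local addresses configured on the Squid host, one per ISP (constructed).
# Lines are evaluated in order and the first fully matching line wins.
tcp_outgoing_address 10.0.0.201 client1
tcp_outgoing_address 10.0.0.202 client2
tcp_outgoing_address 10.0.0.203 client3

# Client-dependent ACLs do not mix with reused server connections: a kept
# alive connection opened for one client could carry another client's
# request out of the wrong ISP.
server_persistent_connections off

# Matching Linux policy routing, run as root on the Squid host. Shown as
# comments because this file is squid.conf; ISPn_GATEWAY is a placeholder
# for each provider's next hop.
#
#   ip rule  add from 10.0.0.201 lookup 101
#   ip route add default via ISP1_GATEWAY table 101
#
#   ip rule  add from 10.0.0.202 lookup 102
#   ip route add default via ISP2_GATEWAY table 102
#
#   ip rule  add from 10.0.0.203 lookup 103
#   ip route add default via ISP3_GATEWAY table 103
```

To check the result, look at the source address of Squid's outbound connections on each ISP-facing interface (for example with tcpdump) while a single client browses.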
