Re: [squid-users] 3 ISPs: Routing problem

From: RSCL Mumbai <rscl.mumbai_at_gmail.com>
Date: Mon, 18 May 2009 20:47:22 +0530

On Sun, May 17, 2009 at 11:37 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> RSCL Mumbai wrote:
>>
>> On Fri, May 15, 2009 at 10:38 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>>
>>> RSCL Mumbai wrote:
>>>>
>>>> On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pangj_at_arcor.de> wrote:
>>>>>
>>>>> RSCL Mumbai:
>>>>>
>>>>>> What I would like to configure is to set up "specific G/ws for specific
>>>>>> clients".
>>>>>>
>>>>>> 192.168.1.100 to use G/w 192.168.1.1
>>>>>> 192.168.1.101 to use G/w 192.168.1.1
>>>>>> 192.168.1.102 to use G/w 192.168.1.2
>>>>>> 192.168.1.103 to use G/w 192.168.1.2
>>>>>> 192.168.1.104 to use G/w 192.168.1.2
>>>>>> 192.168.1.105 to use G/w 192.168.1.3
>>>>>> 192.168.1.106 to use G/w 192.168.1.3
>>>>>>
>>>>
>>>>
>>>> I just found out that squid is removing the marking on the packet:
>>>> This is what I am doing:
>>>>
>>>> (1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
>>>> (mark1 corresponds to isp1)
>>>> (2) I added a route rule which says that all packets having mark 1
>>>> will be routed through ISP 1
>>>>
>>>> But the packets are not routing via ISP1
>>>>
>>>> When I disable squid redirection rule in IPTables (port 80 redirection
>>>> to 3128 squid), the markings are maintained and packets route via
>>>> ISP1.
>>>>
>>>> Now the big question is why is squid removing the marking ??
>>>
>>> Because the packets STOP at their destination software.
>>> Normally the destination is a web server. When you NAT (redirect) a packet
>>> to Squid it STOPS there and gets read by Squid instead of passing on to the
>>> web server.
>>>
>>> IF Squid needs to fetch the HTTP object requested from the network a brand
>>> new TCP connection will be created only from Squid to the web server.
>>>
>>>> And how can this be prevented ??
>>>
>>> By not intercepting packets. As you already noticed.
>>>
>>>
>>> Squid offers alternatives, tcp_outgoing_address has already been mentioned.
>>> tcp_outgoing_tos is an alternative that allows you to mark packets leaving
>>> Squid.
>>
>> I tried " tcp_outgoing_address " by adding the following to squid.conf
>>
>> acl ip1 myip 10.0.0.120
>> acl ip2 myip 10.0.0.121
>> acl ip3 myip 10.0.0.122
>> tcp_outgoing_address 10.0.0.120 ip1
>> tcp_outgoing_address 10.0.0.121 ip2
>> tcp_outgoing_address 10.0.0.122 ip3
>>
>> Restarted squid, but no help.
>>
>> Pls help how I can get the route rules to work.
>>
>> Simple requirement:
>> If packets come from src=10.0.0.120, forward it via ISP-1
>> If packets come from src=10.0.0.121, forward it via ISP-2
>> If packets come from src=10.0.0.122, forward it via ISP-3
>> And so forth.
>>
>> Thx in advance.
>> Vai
>
> To prevent the first (default) one being used you may need to do:
>
>  tcp_outgoing_address 10.0.0.120 ip1 !ip2 !ip3
>  tcp_outgoing_address 10.0.0.121 ip2 !ip1 !ip3
>  tcp_outgoing_address 10.0.0.122 ip3 !ip1 !ip2

I do not have 5 real interfaces for 5 ISPs.
And I believe virtual interfaces will not work in this scenario.

Any other option pls ??

Thx & regards,
Vai
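
Added example, not part of the original thread and not Squid project code: one way to apply the tcp_outgoing_tos option mentioned in the quoted reply, so that Squid tags its own new outgoing connections per client and the host turns that tag back into a routing mark. The TOS values, the mark and table numbers, and the pairing of gateways 192.168.1.1-3 with these clients are assumptions; the script only prints the configuration and changes nothing on the system.

```shell
#!/bin/sh
# Constructed mapping, one line per client: client-IP TOS fwmark ISP-gateway.
# Client IPs come from the thread; TOS, marks and gateway pairing are assumed.
MAP='10.0.0.120 0x20 1 192.168.1.1
10.0.0.121 0x40 2 192.168.1.2
10.0.0.122 0x60 3 192.168.1.3'

# Succeeds only for a dotted quad with four octets in the range 0-255.
is_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
  return 0
}

# Rejects malformed rows before any line is emitted for them.
check_row() {
  is_ipv4 "$1" && is_ipv4 "$4" || { echo "bad address in: $*" >&2; return 1; }
  case "$2" in 0x[0-9A-Fa-f][0-9A-Fa-f]) ;; *) echo "bad TOS: $2" >&2; return 1 ;; esac
  case "$3" in ''|*[!0-9]*) echo "bad mark: $3" >&2; return 1 ;; esac
}

# squid.conf lines: match the client by source and tag Squid's outgoing
# connection, since the mark on the intercepted client packet is gone by then.
squid_conf() {
  while read -r client tos mark gw; do
    check_row "$client" "$tos" "$mark" "$gw" || return 1
    printf 'acl isp%s_clients src %s\n' "$mark" "$client"
    printf 'tcp_outgoing_tos %s isp%s_clients\n' "$tos" "$mark"
  done <<EOF
$1
EOF
}

# Host commands: TOS on locally generated packets -> fwmark -> per-ISP table.
routing_cmds() {
  while read -r client tos mark gw; do
    check_row "$client" "$tos" "$mark" "$gw" || return 1
    table=$((100 + mark))
    printf 'iptables -t mangle -A OUTPUT -m tos --tos %s -j MARK --set-mark %s\n' "$tos" "$mark"
    printf 'ip rule add fwmark %s table %s\n' "$mark" "$table"
    printf 'ip route add default via %s table %s\n' "$gw" "$table"
  done <<EOF
$1
EOF
}

squid_conf "$MAP"; routing_cmds "$MAP"
```

Because the mark is applied in the mangle OUTPUT chain after the source address has been chosen, an SNAT or MASQUERADE rule on each ISP-facing interface may also be needed so replies return through the same ISP.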
Received on Mon May 18 2009 - 15:17:30 MDT
