Re: [squid-users] 3 ISPs: Routing problem

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 21 May 2009 11:49:54 -0800

RSCL Mumbai wrote:
> I have them off. My squid.conf as below....
> ~~~~~~~~~~
> client_persistent_connections off
> server_persistent_connections off
> ~~~~~~~~~~
>
> Chris, if possible, can you please share your acl rules for "tcp_outgoing_address".
>

Sure.

acl all src all
acl CONNECT method CONNECT
acl PURGE method PURGE
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl directHost dst "/home/squid2/acls/directHostIPlist"
acl windowsUpdateHosts dstdomain .download.windowsupdate.com .windowsupdate.microsoft.com .update.microsoft.com
acl siteIPs src "/home/squid2/acls/allowedIPlist"
acl directClient src "/home/squid2/acls/directClientIPlist"
acl deniedHost src "/home/squid2/acls/deniedIPlist"
acl blockurls url_regex -i "/home/squid2/acls/blockurls"
acl allowurls url_regex -i "/home/squid2/acls/allowurls"
acl blockdoms dstdomain "/home/squid2/acls/blockdoms"
acl allowdoms dstdomain "/home/squid2/acls/allowdoms"
acl secondIP myip secondIP 10.4.5.3/32
http_access allow manager localhost
http_access allow manager siteIPs
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
always_direct allow directHost
always_direct allow directClient
always_direct allow allowdoms
always_direct allow allowurls
never_direct allow all
http_access allow localhost
http_access allow directHost
http_access allow windowsUpdateHosts
http_access deny deniedHost
http_access allow directClient
http_access deny !secondIP blockdoms
http_access deny !secondIP blockurls
http_access allow siteIPs
http_access deny all
http_port 8080
tcp_outgoing_address 10.4.5.3 secondIP
cache_peer proxypool-1.domain parent 8080 7 no-query sourcehash
cache_peer proxypool-2.domain parent 8080 7 no-query sourcehash
cache_dir aufs /home/squid2/cache 2048 16 256
maximum_object_size 15360 KB
access_log /home/squid2/logs/access.log squid !secondIP
access_log /home/squid2/logs/access2.log squid secondIP
cache_store_log none
cache_swap_log /home/squid2/logs/swap.log
logfile_rotate 0
pid_filename /var/run/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_effective_user squid
server_persistent_connections off
snmp_port 0
icp_port 0
deny_info ERR_LOCAL_BLOCK blockurls blockdoms
deny_info ERR_NO_OPEN_PROXY siteIPs
nonhierarchical_direct off
coredump_dir /home/squid2/cache

[root@site ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:81:31:83:10
          inet addr:10.4.5.10 Bcast:10.4.7.255 Mask:255.255.252.0
          inet6 addr: fe80::2e0:81ff:fe31:8310/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:889599678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:680257590 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:438674074 (418.3 MiB) TX bytes:1745642770 (1.6 GiB)

eth0:0 Link encap:Ethernet HWaddr 00:E0:81:31:83:10
          inet addr:10.4.5.3 Bcast:10.4.7.255 Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:23965032 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23965032 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1704976156 (1.5 GiB) TX bytes:1704976156 (1.5 GiB)

[root@site ~]# /home/squid2/bin/squid -v
Squid Cache: Version 2.7.STABLE5
configure options: '--bindir=/home/squid2/bin'
'--sbindir=/home/squid2/bin' '--libexecdir=/home/squid2/bin'
'--datadir=/home/squid2/etc' '--sysconfdir=/etc/squid'
'--localstatedir=/home/squid2' '--mandir=/usr/man'
'--enable-err-languages=English' '--enable-snmp' '--with-large-files'
'--disable-ident-lookups' '--disable-useragent-log'
'--disable-referer-log' '--enable-storeio=ufs,aufs'

> Just want to make sure my rules are correct.
> I tried with 2 nics and it did not work.
>
> Also, I have to manage 5 ISPs.
> I do not have the possibility of adding 5 lan cards in my server.
>
> I read on the net that IPTables and route2 do not support virtual interfaces.
>
> Looks like I have limited / no options here.
>
> Thx.
>
> Vai
>

Chris
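As an added example (not part of the thread and not Squid's own tooling), the Python checker below parses a squid.conf excerpt and ifconfig output, both constructed here to mirror the config and interfaces shown above, and cross-checks each tcp_outgoing_address against its myip ACL and the addresses actually bound on the box, so a rule that can never match, a stray non-address token in the ACL, or an outgoing IP that is not configured on any interface is caught before traffic leaves via the wrong ISP.

```python
import ipaddress, re

# Constructed sample modelled on the squid.conf and ifconfig output in the thread.
SQUID_CONF = """\
acl secondIP myip secondIP 10.4.5.3/32
acl thirdIP myip 10.4.5.4/32
tcp_outgoing_address 10.4.5.3 secondIP
tcp_outgoing_address 10.4.5.10 thirdIP
tcp_outgoing_address 10.4.5.99 fourthIP
"""
IFCONFIG = """\
eth0 Link encap:Ethernet HWaddr 00:E0:81:31:83:10
          inet addr:10.4.5.10 Bcast:10.4.7.255 Mask:255.255.252.0
eth0:0 Link encap:Ethernet HWaddr 00:E0:81:31:83:10
          inet addr:10.4.5.3 Bcast:10.4.7.255 Mask:255.255.252.0
"""

def local_addresses(ifconfig_text):
    """IPv4 addresses bound locally, including eth0:0-style aliases."""
    return set(re.findall(r"inet addr:(\d+\.\d+\.\d+\.\d+)", ifconfig_text))

def check_outgoing(conf_text, ifconfig_text):
    """Return problem strings; an empty list means every outgoing rule is consistent."""
    acls, rules, problems = {}, [], []
    for line in conf_text.splitlines():
        parts = line.split()
        if parts[:1] == ["acl"] and len(parts) >= 3:
            acls[parts[1]] = (parts[2], parts[3:])          # name -> (type, args)
        elif parts[:1] == ["tcp_outgoing_address"] and len(parts) >= 2:
            rules.append((parts[1], parts[2:]))             # (address, acl names)
    local = local_addresses(ifconfig_text)
    for addr, names in rules:
        if addr not in local:
            problems.append(f"{addr}: not bound to any local interface")
        for name in (n.lstrip("!") for n in names):
            if name not in acls:
                problems.append(f"{addr}: ACL {name!r} is not defined")
                continue
            acl_type, args = acls[name]
            if acl_type != "myip":
                continue                                    # only myip is cross-checked
            nets = []
            for token in args:
                try:
                    nets.append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    problems.append(f"{addr}: ACL {name!r} has non-address token {token!r}")
            if not any(ipaddress.ip_address(addr) in net for net in nets):
                problems.append(f"{addr}: myip ACL {name!r} never matches this address")
    return problems
```

`squid -k parse` validates the syntax of the file but not whether an outgoing address exists on an interface or whether the myip ACL can ever select it; this check covers that gap.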
Received on Thu May 21 2009 - 19:50:20 MDT

This archive was generated by hypermail 2.2.0 : Fri May 22 2009 - 12:00:01 MDT