Re: [squid-users] Squid with Dansguardian (tcp_outgoing_address problem)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 10 Sep 2009 00:22:35 +1200

Santhosh Kumar Gulla wrote:
> Dear All,
>
> My setup is like this. I'm using dansguardian, squid, havp and I have
> two ISP connections. In squid.conf I have given:
>
> acl mac arp '/etc/squid/mac'
> tcp_outgoing_address w.x.y.z mac
>
>
> So, when I'm using only squid, the mac ID's present in '/etc/squid/mac'
> are going through the IP w.x.y.z . But when I'm using dansguardian this
> rule is not working. It is going through default wan connection. Can
> anybody help me solve this problem.

Not without a LOT more info about your setup, Squid, and operational
needs and resources than you are likely to provide.

Please understand WHY this is happening...

DG plugs in between the client and Squid or Squid and the Internet.

Which means...

  DG will be the 'client' as far as Squid can tell - thus the MAC
address will always 100% be the MAC of the DG host machine.

OR...

  Squid will always be connecting out to DG - thus Squid outgoing
address is never contacting the Internet and so setting it means nothing.

This is one of the reasons why ARP / MAC is considered generally useless.

SOLUTION: Try another ACL type.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Wed Sep 09 2009 - 12:22:44 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 09 2009 - 12:00:02 MDT