On Tue, 2 Mar 2010 09:05:53 +0800, "luke" <luke_at_creek.com.tw> wrote:
> hi all
> my netowrk interface
> eth0 wan1
> eht1 wan2
> ent2 wan3
> eth3 lan 192.168.1.0/24
>
> my iptable T1
> wan1 ip dev eth0 scope link
> 192.168.1.0/24 dev eth3 scope link
> default via wan1's dev eth0
>
> iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -j MARK --set-mark 1
>
The layering diagram ...
http://www.novell.com/info/primer/art/prim02.gif
Please not:
* Squid is a layer 7 program with a bit of fuzziness downward into layers
6 and 5.
* eth1/wan1/wan2/wan3 are layer 3 pieces.
Make special note of layer-4 and what it's purpose is. Then also notice
that it sits between the NIC and eth* / wan* devices and Squid.
* IP address is a layer 4 thing.
Squid uses the default IP address of the box. As you discovered, setting
tcp_outgoing_address to one specific IP address changes the IP Squid sends
from. How the lower layers use the two IP addresses is up to your iptables
configuration.
The addresses and links going into Squid are completely separate from the
links going out of Squid.
Amos
Received on Tue Mar 02 2010 - 01:55:08 MST
This archive was generated by hypermail 2.2.0 : Tue Mar 02 2010 - 12:00:02 MST
