Re: [squid-users] Route large traffic through different gateway

From: Supratik Goswami <supratik.goswami_at_webyog.com>
Date: Thu, 21 Apr 2011 17:40:09 +0530

@Amos,

Sorry for the late reply.
I experimented a bit during this time. I decided to first forward all
traffic from a single system to a different gateway.
Once this works fine I will go for filtering based on download size.

So, to allow all requests from a different gateway link I did the following.

In my Squid configuration file I added the following lines. Here I
want to allow all requests from IP 192.168.1.226
to be directed through the second gateway link2.

acl ext_filtering src 192.168.1.226
tcp_outgoing_address 192.168.1.250 ext_filtering

Now for the second gateway I created a routing table link2 and added
the following default route and routing rules.

ip rule add from 192.168.1.250 table link2
ip route add default via 192.168.1.253 dev eth1 table link2
ip route flush cache

Here 192.168.1.253 is the second gateway.

Now, when I test this by running the command "elinks --dump
whatismyipaddress.com |head -20" from the system
with IP 192.168.1.226 it works sometimes and sometimes it doesn't.

Also for some sites I am getting "Access Denied" error.

I have been pulling my hair out on this issue for a pretty long time
but am unable to get a proper solution.
Can you please tell me if I am going wrong anywhere?

On Mon, Apr 11, 2011 at 10:59 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> On 11/04/11 16:52, Supratik Goswami wrote:
>>
>> @Amos
>>
>> I understand the "policy routing" and also checked with
>> tcp_outgoing_address, but I am not able to figure
>> out how can I use acl to filter the large traffic and use it with the
>> tcp_outgoing_address.
>>
>> Currently with "reply_body_max_size 15 MB officelan" I am able to
>> discard large downloads, but can you
>> please tell me instead of discarding is there a way I can use the acl
>> with tcp_outgoing_address to redirect
>> the download through Link-2 (using policy routing) ?
>
> You must deduce the future size of data transfer and make whatever ACL tests tcp_outgoing_address needs based only on the *request* details.
>
> For things such as ...
>  * POST or PUT the size is in the Content-Length header.
>
>  * CONNECT you will have to make a judgement call, your logs should show some avg size trend.
>
>  * HEAD will usually never reach 1 MB, though some can be amazingly high in the KB range.
>
>  * GET is where it gets tricky. You will have to select based on the URL. The usual way is to just assume that multimedia, executable or archives file types are the big ones and the rest small.
>
> Perfection is not possible here, but the above generalizations will go a long way towards biasing the traffic towards your desired "large" link.
>
> Sorry if I'm being a bit vague. The exact rules will depend very specifically on your clients and what parts of the web they visit.
>
>
> Well, that's how to do it in Squid at the point of outbound. The alternative if you want better reliability is ignoring Squid entirely and doing load balancing at the operating system packet level.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.6
Received on Thu Apr 21 2011 - 12:11:16 MDT
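
The request-based selection described in the quoted reply, written out as squid.conf rules. This is an added example and not part of either message. It reuses 192.168.1.250 from the message above and assumes the policy routing for that address is already in place; the ACL names, the file-extension list and the size cut-off are assumptions.

```squidconf
# Added example (not from the thread). tcp_outgoing_address is evaluated
# before any reply exists, so every ACL here tests request details only.

# GET: guess "large" from the URL path. The extension list is an assumption;
# tune it from your own access.log. The optional (\?.*)? allows a query string.
acl large_types urlpath_regex -i \.(iso|zip|gz|bz2|tar|rar|7z|exe|msi|rpm|deb)(\?.*)?$
acl large_types urlpath_regex -i \.(avi|mp4|mkv|flv|mpg|mov|wmv)(\?.*)?$

# POST/PUT: the upload size is declared in the Content-Length request header.
# Eight or more digits with no leading zero means >= 10,000,000 bytes
# (cut-off chosen for illustration).
acl upload_methods method POST PUT
acl big_length req_header Content-Length ^[1-9][0-9]{7,}$

# Rules are checked top to bottom and the first match wins.
# ACLs on the same line are ANDed together.
tcp_outgoing_address 192.168.1.250 large_types
tcp_outgoing_address 192.168.1.250 upload_methods big_length

# Everything else (HEAD, CONNECT, small GETs) matches no rule and leaves
# through the default link. CONNECT needs a site-specific judgement call
# and is deliberately not classified here.
```

Check the file with `squid -k parse` before running `squid -k reconfigure`.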
