[squid-users] Re: RE : [squid-users] tcp_outgoing_mark + https from Eliezer Croitoru on 2012-12-11 (squid-users)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Tue, 11 Dec 2012 21:42:48 +0200

Hey Sébastien,

What linux and what squid version?
It's different if your logic is "all to 100Mbit connection" to "just
these to 100Mbit connection".
If you can share your squid.conf and remove the sensitive data it will
maybe give us more info.

Regards,
Eliezer

On 12/11/2012 7:47 PM, Sébastien WENSKE wrote:
> Hi Eliezer,
>
> I'm not using SSL-Bump, I have a 100Mbit/s fiber connection and an SDSL 4Mbit/s.
> By default, all traffic goes through the SDSL except traffic to our production and VPN site-to-site.
>
> Squid running on the same box where I use shorewall to route marked packets and is directly connected to internet.
>
> Now, I want to mark packets with squid regarding dstdomain ACLs in order to "route" them on the 100Mb/s link.
> It works as expected with http but not for https (CONNECT)
>
> Best Regard,
> Sebastien
>
> ________________________________________
> De : Eliezer Croitoru [eliezer_at_ngtech.co.il]
> Date d'envoi : mardi 11 décembre 2012 17:37
> À : squid-users_at_squid-cache.org
> Objet : Re: [squid-users] tcp_outgoing_mark + https
>
> Hey Sebastien,
>
> Are you using ssl-bump at all? or just plain CONNECT requests?
> Else then the problem If you can explain more about the situation or the
> goal in more the just ROUTE web traffic over WAN connections.
> Do you have preference for specific routes? maybe you just want to
> load-balance?
>
> Maybe your approach is not in the right direction anyway?
>
> Regards,
> Eliezer
>
> On 12/11/2012 4:00 PM, Sébastien WENSKE wrote:
>> Hi List,
>>
>> I'm trying the "tcp_outgoing_mark" feature with dstdomain acls in order to
>> "route" web traffic on several WAN links, but I noticed that it doesn't
>> works with https requests.
>>
>> Does someone know how to achieve this?
>>
>> Many Thanks.
>> Sebastien
>>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> sip:ngtech_at_sip2sip.info
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
>

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngtech_at_sip2sip.info
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Received on Tue Dec 11 2012 - 19:43:01 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 12 2012 - 12:00:04 MST