Re: [squid-users] Squid with Lan1>Wan1, Lan2>Wan2

From: Kevin Lesage <kevin.lesage_at_gmail.com>
Date: Sun, 02 Mar 2014 10:48:35 +0100

Thanks for your reply,

So I can tell Squid:
traffic to <destination> must use gateway X

but not :
traffic from <source> must use gateway X

Do I understand?

On 01/03/2014 11:54, Amos Jeffries wrote:
> On 1/03/2014 10:33 p.m., Kevin Lesage wrote:
>> Hello,
>> I'm using pfSense 2.1 with Squid 3.1.20.
>>
>> I have 2 Wan and 2 Lan interfaces :
>> Wan1 : 10.0.0.100/24 => Gateway 10.0.0.138/24 (default)
>> Wan2 : 192.168.1.100/24 => Gateway 192.168.1.100/24
>> Lan1 : 192.168.50.0/24
>> Lan2 : 172.16.0.0/16
>>
>> With firewall rules, I can get computers from the Lan1 subnet access to
>> internet only through WAN1, and computers from the Lan2 subnet only
>> through WAN2.
>>
>> But when I ask Squid to bind interfaces LAN1 and LAN2, and add custom
>> options:
>>
>> acl LAN1 src 192.168.50.0/24
>> acl LAN2 src 172.16.0.0/16
>> tcp_outgoing_address 10.0.0.100 LAN1
>> tcp_outgoing_address 192.168.1.100 LAN2
>>
>> all http traffic passes through only one WAN gateway, which is
>> 10.0.0.138 (default)!
>>
>> How can I do this?
> Squid does not "bind interfaces" and neither does it have anything
> directly to do with routing decisions. All it does is set the source IP
> address on outgoing packets and let the OS decide which interface is used.
>
> Two things may be happening:
>
> 1) If neither of your ACLs are matching, the default/master IP for the
> machine will be used instead of the configured ones. Usually that is the
> primary IP on eth0.
>
> 2) Routing rules are usually based on destination IP in my experience,
> rather than source IPs. If your gateway decision is indeed based on
> 10.0.0.0/24 and 192.168.1.0/24 networks then all other packets including
> those destined to Internet ranges will be using the default gateway.
>
>
> Amos
>
Received on Sun Mar 02 2014 - 09:48:44 MST
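
Added example, not part of the original messages and not Squid or pfSense code: a small Python model of the behaviour described in the reply above, using the addresses from the thread. It shows that `tcp_outgoing_address` changes only the source IP, while a destination-based routing table still sends Internet traffic to the default gateway. The sample client and destination addresses and the `DEFAULT_SOURCE` value are assumptions.

```python
import ipaddress

# ACLs and addresses from the thread; first matching ACL wins.
ACLS = [
    (ipaddress.ip_network("192.168.50.0/24"), "10.0.0.100"),    # LAN1
    (ipaddress.ip_network("172.16.0.0/16"), "192.168.1.100"),   # LAN2
]
# Assumption: the address the OS picks when no ACL matches.
DEFAULT_SOURCE = "10.0.0.100"

# Destination-based routing table: (prefix, interface, next hop).
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/24"), "WAN1", None),        # connected
    (ipaddress.ip_network("192.168.1.0/24"), "WAN2", None),     # connected
    (ipaddress.ip_network("0.0.0.0/0"), "WAN1", "10.0.0.138"),  # default
]

def outgoing_address(client_ip):
    """Model of tcp_outgoing_address: source IP chosen from the client's address."""
    ip = ipaddress.ip_address(client_ip)
    for net, addr in ACLS:
        if ip in net:
            return addr
    return DEFAULT_SOURCE

def route(src_ip, dst_ip):
    """Longest-prefix match on the destination only; src_ip is never consulted."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in ROUTES if dst in r[0]]
    _, iface, hop = max(matches, key=lambda r: r[0].prefixlen)
    return iface, hop

def egress(client_ip, dst_ip):
    """Return (source IP set by Squid, interface and gateway chosen by the OS)."""
    src = outgoing_address(client_ip)
    return (src,) + route(src, dst_ip)

if __name__ == "__main__":
    # Constructed sample clients and destination.
    for client in ("192.168.50.10", "172.16.5.20"):
        print(client, "->", egress(client, "93.184.216.34"))
```

Both clients leave via WAN1 and 10.0.0.138 even though the LAN2 client carries the WAN2 source address; sending it out WAN2 requires a source-based rule in the OS or firewall rather than in Squid.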
