I think a really useful squid feature would be the ability to use ACLs
to select the outgoing IP address for initiated TCP connections (and
maybe UDP packets too).

For example, instead of:

    # Can only select one of these at any particular time
    tcp_outgoing_address 1.2.3.4
    #tcp_outgoing_address 5.6.7.8

perhaps one could have something like:

    tcp_outgoing_address 1.2.3.4
    tcp_outgoing_address 5.6.7.8
    # Use 1.2.3.4 in some situations
    tcp_outgoing_address_access 1.2.3.4 deny acl ...
    tcp_outgoing_address_access 1.2.3.4 allow acl ...
    # Default to 5.6.7.8
    tcp_outgoing_address_access 5.6.7.8 allow all

There are all sorts of reasons why one might like to use different
outgoing IP addresses based on some criteria available to Squid. This
includes the ability to:
(a) Route IP traffic differently (return traffic at least).
(b) Provide differential prioritization to IP traffic.
(c) Allow local or remote web servers to distinguish broad categories
of user.
Now for some questions...
(1) Has anyone implemented such a feature already? (Or is anyone working
on it, or planning to work on it?)
(2) Are there any reasons why this would be a bad thing to do, or a
particularly tricky thing to code?
(3) If not, then does anyone have suggestions for what would be an
appropriate syntax for specifying this in squid.conf? Of course
there are other issues that would need to be decided on, such as
what to do if no tcp_outgoing_address is selected. (Maybe there
could be an implicit "tcp_outgoing_address_access allow all" on the
first/last IP address, after all other tcp_outgoing_address_access
directives.)

--
Chris Teakle
Network Development, ITS
The University of Qld

Received on Mon Jul 12 1999 - 03:37:22 MDT
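
The selection logic proposed in the message above, modelled as an added example that is not part of the original post and is not Squid code. Assumptions: the ACL names and networks (`staff`, `guests`) are hypothetical, rules are walked in file order, a matching `deny` excludes that address for the request, and the `default` parameter stands in for the open question of what happens when no address is selected.

```python
import ipaddress

# Constructed squid.conf fragment in the syntax proposed in the post.
# ACL names/networks are hypothetical; tcp_outgoing_address_access is
# the post's proposed directive, not an existing Squid directive.
SAMPLE_CONF = """
acl staff src 10.1.0.0/16
acl guests src 10.1.99.0/24
tcp_outgoing_address 1.2.3.4
tcp_outgoing_address 5.6.7.8
tcp_outgoing_address_access 1.2.3.4 deny guests
tcp_outgoing_address_access 1.2.3.4 allow staff
tcp_outgoing_address_access 5.6.7.8 allow all
"""

def parse(conf):
    """Return (acls, declared addresses, access rules) from the fragment."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    addresses, rules = [], []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(
                ipaddress.ip_network(n) for n in tok[3:])
        elif tok[0] == "tcp_outgoing_address":
            addresses.append(tok[1])
        elif tok[0] == "tcp_outgoing_address_access":
            addr, action, names = tok[1], tok[2], tok[3:]
            # Reject rules for undeclared addresses or unknown actions.
            if addr not in addresses or action not in ("allow", "deny"):
                raise ValueError("bad rule: " + line.strip())
            rules.append((addr, action, names))
    return acls, addresses, rules

def select_outgoing(conf, client_ip, default=None):
    """Pick the outgoing address for a client, or `default` if none matches."""
    acls, _addresses, rules = parse(conf)
    client = ipaddress.ip_address(client_ip)
    denied = set()
    for addr, action, names in rules:
        if addr in denied:
            continue
        # As in Squid access lists, every ACL named on the line must match.
        if all(any(client in net for net in acls[n]) for n in names):
            if action == "allow":
                return addr
            denied.add(addr)
    return default
```

With the final `allow all` rule removed, a client outside both networks gets `default`, which is the case the post's question (3) asks about.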