On Fri, May 15, 2009 at 10:38 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> RSCL Mumbai wrote:
>>
>> On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pangj_at_arcor.de> wrote:
>>>
>>> RSCL Mumbai:
>>>
>>>> What would like to configure is setup "specific G/ws for specific
>>>> clients".
>>>>
>>>> 192.168.1.100 to use G/w 192.168.1.1
>>>> 192.168.1.101 to use G/w 192.168.1.1
>>>> 192.168.1.102 to use G/w 192.168.1.2
>>>> 192.168.1.103 to use G/w 192.168.1.2
>>>> 192.168.1.104 to use G/w 192.168.1.2
>>>> 192.168.1.105 to use G/w 192.168.1.3
>>>> 192.168.1.106 to use G/w 192.168.1.3
>>>>
>>
>>
>>
>> I just found out that squid is removing the marking on the packet:
>> This is what I am doing:
>>
>> (1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
>> (mark1 corresponds to isp1)
>> (2) I added a route rule which says that all packets having mark 1
>> will be routed through ISP 1
>>
>> But the packets are not routing via ISP1
>>
>> When I disable squid redirection rule in IPTables (post 80 redirection
>> to 3128 squid), the markings are maintained and packets route via
>> ISP1.
>>
>> Now the big question is why is squid removing the marking ??
>
> Because the packets STOP at their destination software.
> Normally the destination is a web server. When you NAT (redirect) a packet
> to Squid it STOPS there and gets read by Squid instead of passing on to the
> web server.
>
> IF Squid needs to fetch the HTTP object requested from the network a brand
> new TCP connection will be created only from Squid to the web server.
>
>> And how can this be prevented ??
>
> By not intercepting packets. As you already noticed.
>
>
> Squid offers alternatives, tcp_outgoing_address has already been mentioned.
> tcp_outgoing_tos is an alternative that allows you to mark packets leaving
> Squid.
I tried " tcp_outgoing_address " by adding the following to squid.conf
acl ip1 myip 10.0.0.120
acl ip2 myip 10.0.0.121
acl ip3 myip 10.0.0.122
tcp_outgoing_address 10.0.0.120 ip1
tcp_outgoing_address 10.0.0.121 ip2
tcp_outgoing_address 10.0.0.122 ip3
Restarted squid, but no help.
Pls help how I can get the route rules to work.
Simple requirement:
If packets comes from src=10.0.0.120, forward it via ISP-1
If packets comes from src=10.0.0.121, forward it via ISP-2
If packets comes from src=10.0.0.122, forward it via ISP-3
And so forth.
Thx in advance.
Vai
Received on Fri May 15 2009 - 17:49:35 MDT
This archive was generated by hypermail 2.2.0 : Sun May 17 2009 - 12:00:01 MDT