Then I can use pass out how you tellme at first e-mail ?.
2010/1/17 Stuart Henderson <s...@spacehopper.org>: > On 2010/01/16 22:00, mashenko shenua wrote: >> Can you try it??. Some people tell me I can't use Squid with >> round-robin.. I see this for pfsense : >> >> http://forum.pfsense.org/index.php?topic=7591.msg42943 >> >> tcp_outgoing_address 10.10.1.1 slow;tcp_outgoing_address 10.10.1.1 > > That diff is for pfsense to allow it to add 'pass out...route-to' > rules, you can add these entries anyway with pf.conf. Seems there's > a mistake in their sample squid.conf entries though, I think they > meant to have different tcp_outgoing_addresses for the 'slow' and > normal networks. > > They are telling squid to use different source address for different > connections, and then using route-to to push those out of the correct > interface for the outgoing address they use. > > The other way is to leave squid alone and just handle it with pf. > The main area people might have problems is getting things natted > correctly so the right source addresses are used on outgoing packets. > It's probably simplest to use 'probability' something like this > > pass out quick proto tcp to 209.85.227.105 port 80 \ > route-to (vlan4 192.168.46.49) nat-to (vlan4:0) probability 50% > > (and of course the other 50% will be handled by other rules matching > this packet to go via the default route). > > Thinking about it some more, perhaps this isn't possible with old > PF where nat was handled separately from filter rules; you might need > -current to do this... > >
