hi stanislav, i am really busy, but i can comment that i think your problem is coming from locally generated packets -- squid intercepts your web traffic, checks it local store, and then recreates the http get and sends it off. the local routing table is consulted, but i have bad luck in the past getting it work like you want.
inside the squid.conf: # acl normal_service_net src 10.0.0.0/255.255.255.0 # acl good_service_net src 10.0.1.0/255.255.255.0 # tcp_outgoing_address 10.0.0.1 normal_service_net # tcp_outgoing_address 10.0.0.2 good_service_net # tcp_outgoing_address 10.0.0.3 you can see that it is possible to setup an acl and/or select the outgoing address (and bypass/fool the local routing table). as you are marking packets, and if you want to be very granular, you should probably run two instances of squid. each instance needs it own store -- do not use the same cache directory. you can then send packets to the correct squid instance in PREROUTING (each instance listens on a different port). hth cheers charles On Thu, 2005-06-30 at 17:35 +0200, Stanislav Nedelchev wrote: > i'm using one line on eth2 only for web traffic > eth1 is my internal line and eth0 is my main line to internet . > i'm marking packets like this > > i have default route on eth0 > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK > --set-mark 66 > iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 80 -j MARK > --set-mark 66 > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 3128 -j MARK > --set-mark 66 > iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 3128 -j MARK > --set-mark 66 > > iptables -t mangle -A FORWARD -p tcp --sport 80 -j MARK --set-mark 66 > iptables -t mangle -A FORWARD -p tcp --dport 80 -j MARK --set-mark 66 > iptables -t mangle -A FORWARD -p tcp --sport 3128 -j MARK --set-mark 66 > iptables -t mangle -A FORWARD -p tcp --dport 3128 -j MARK --set-mark 66 > > > iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 80 -s > 192.168.0.0/24 -d ! 192.168.0.0/16 -j MASQUERADE > iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 3128 -s > 192.168.0.0/24 -d ! 192.168.0.0/16 -j MASQUERADE > > i have also > /sbin/ip route add 192.168.0.0/24 dev eth1 table natips > /sbin/ip route add 127.0.0.0/8 dev lo scope link table natips > /sbin/ip route add default via 217.10.248.1 dev eth2 table natips > /sbin/ip route flush cache > /sbin/ip rule add fwmark 66 table natips > > > squid is running > on 192.168.0.1:3128 > > without squid it's working i'm using second line for web traffic > with squid it's not working > > can anybody help me > > Thanks in advance. > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- "simplified chinese" is not nearly as easy as they would have you believe ... a superlative oxymoron" --anonymous _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
