Hi, I'm trying to use tcp_outgoing_address to forward traffic from specific users to a specific interface.
running squid 5.7 (on openwrt). have a few interfaces on my machine, two of which are VPN interfaces with IPs (internal) 10.200.0.70 and 10.102.237.50. trying to forward user "uk" to the interface with IP 10.200.0.70 is "ignored" - I can see that the default WAN interface is used. I see it by using a simple "what is my ip" test when using the proxy, and checking the traffic of the interfaces when sending requests. the relevant excerpt from the squid conf: acl auth_users proxy_auth REQUIRED acl wg_uk proxy_auth uk tcp_outgoing_address 10.200.0.70 wg_uk I can see that the IP and config are not wrong because the requests don't get 503 errors (if I change the IP to a non existing one, e.g. 10.200.0.71 I do get 503 errors). small excerpt from the squid_cache.log (proxy server is 192.168.1.1, proxy client is 192.168.1.149) 2022/11/26 11:28:48.286| 17,3| FwdState.cc(394) Start: ' http://detectportal.firefox.com/canonical.html' 2022/11/26 11:28:48.286| 17,2| FwdState.cc(157) FwdState: Forwarding client request conn157 local=192.168.1.1:3128 remote=192.168.1.149:64723 FD 13 flags=1, url=http://detectportal.firefox.com/canonical.html 2022/11/26 11:28:48.287| 44,2| peer_select.cc(460) resolveSelected: Find IP destination for: http://detectportal.firefox.com/canonical.html' via detectportal.firefox.com 2022/11/26 11:28:48.287| 14,4| ipcache.cc(607) nbgethostbyname: detectportal.firefox.com 2022/11/26 11:28:48.287| 14,3| Address.cc(389) lookupHostIP: Given Non-IP ' detectportal.firefox.com': Name does not resolve 2022/11/26 11:28:48.287| 14,4| ipcache.cc(647) ipcache_nbgethostbyname_: ipcache_nbgethostbyname: HIT for 'detectportal.firefox.com' 2022/11/26 11:28:48.287| 14,7| ipcache.cc(250) forwardIp: 34.107.221.82 2022/11/26 11:28:48.287| 28,3| Checklist.cc(70) preCheck: 0x7ffd71e3d440 checking fast ACLs 2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking tcp_outgoing_address 10.200.0.70 2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking (tcp_outgoing_address 10.200.0.70 line) 2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking wg_uk 2022/11/26 11:28:48.287| 29,5| UserRequest.cc(75) valid: Validated. Auth::UserRequest '0x1bad2e0'. 2022/11/26 11:28:48.287| 28,4| Acl.cc(346) cacheMatchAcl: ACL::cacheMatchAcl: cache hit on acl 'wg_uk' (0x1551ca0) 2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: wg_uk = 1 2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: (tcp_outgoing_address 10.200.0.70 line) = 1 2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: tcp_outgoing_address 10.200.0.70 = 1 2022/11/26 11:28:48.287| 28,3| Checklist.cc(63) markFinished: 0x7ffd71e3d440 answer ALLOWED for match 2022/11/26 11:28:48.287| 28,4| FilledChecklist.cc(67) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffd71e3d440 2022/11/26 11:28:48.287| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffd71e3d440 2022/11/26 11:28:48.287| 24,7| SBuf.cc(209) append: from c-string to id SBuf10501 2022/11/26 11:28:48.287| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10501 2022/11/26 11:28:48.287| 24,7| SBuf.cc(866) reAlloc: SBuf10501 new store capacity: 128 2022/11/26 11:28:48.287| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn167 local=10.200.0.70 remote=34.107.221.82:80 HIER_DIRECT flags=1, destination #1 for http://detectportal.firefox.com/canonical.html 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1177) handlePath: always_direct = DENIED 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1178) handlePath: never_direct = DENIED 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1179) handlePath: timedout = 0 2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27 2022/11/26 11:28:48.288| 17,3| FwdState.cc(631) noteDestination: conn167 local=10.200.0.70 remote=34.107.221.82:80 HIER_DIRECT flags=1 2022/11/26 11:28:48.288| 17,3| FwdState.cc(1135) connectStart: 1+ paths to http://detectportal.firefox.com/canonical.html 2022/11/26 11:28:48.288| 11,7| HttpRequest.cc(468) clearError: old: ERR_NONE 2022/11/26 11:28:48.288| 17,5| AsyncCall.cc(30) AsyncCall: The AsyncCall FwdState::noteConnection constructed, this=0x1b97100 [call1887] 2022/11/26 11:28:48.288| 93,5| AsyncJob.cc(34) AsyncJob: AsyncJob constructed, this=0x1b86e18 type=HappyConnOpener [job99] 2022/11/26 11:28:48.288| 93,5| AsyncCall.cc(30) AsyncCall: The AsyncCall AsyncJob::start constructed, this=0x1b09300 [call1888] 2022/11/26 11:28:48.288| 93,5| AsyncCall.cc(97) ScheduleCall: AsyncJob.cc(26) will call AsyncJob::start() [call1888] 2022/11/26 11:28:48.288| 14,7| ipcache.cc(250) forwardIp: [2600:1901:0:38d7::] 2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27 2022/11/26 11:28:48.288| 24,6| SBuf.cc(99) assign: SBuf10502 from c-string, n=4294967295) 2022/11/26 11:28:48.288| 28,4| FilledChecklist.cc(67) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffd71e3d440 2022/11/26 11:28:48.288| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffd71e3d440 2022/11/26 11:28:48.288| 24,7| SBuf.cc(209) append: from c-string to id SBuf10503 2022/11/26 11:28:48.288| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10503 2022/11/26 11:28:48.288| 24,7| SBuf.cc(866) reAlloc: SBuf10503 new store capacity: 128 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1, destination #2 for http://detectportal.firefox.com/canonical.html 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1177) handlePath: always_direct = DENIED 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1178) handlePath: never_direct = DENIED 2022/11/26 11:28:48.288| 44,2| peer_select.cc(1179) handlePath: timedout = 0 2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27 2022/11/26 11:28:48.288| 17,3| FwdState.cc(631) noteDestination: conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1 2022/11/26 11:28:48.288| 17,7| FwdState.cc(690) notifyConnOpener: reusing pending notification about 2+ paths 2022/11/26 11:28:48.288| 14,7| ipcache.cc(231) finalCallback: 0x1af12b8 2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27 2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27 2022/11/26 11:28:48.288| 24,7| SBuf.cc(209) append: from c-string to id SBuf10504 2022/11/26 11:28:48.288| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10504 2022/11/26 11:28:48.288| 24,7| SBuf.cc(866) reAlloc: SBuf10504 new store capacity: 128 2022/11/26 11:28:48.288| 44,2| peer_select.cc(479) resolveSelected: PeerSelector27 found all 2 destinations for http://detectportal.firefox.com/canonical.html 2022/11/26 11:28:48.288| 44,2| peer_select.cc(480) resolveSelected: always_direct = DENIED 2022/11/26 11:28:48.288| 44,2| peer_select.cc(481) resolveSelected: never_direct = DENIED 2022/11/26 11:28:48.288| 44,2| peer_select.cc(482) resolveSelected: timedout = 0 can anyone help me understand what I'm missing? thanks!
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users