On May 18, 2009, at 11:17 AM, RSCL Mumbai wrote:

On Sun, May 17, 2009 at 11:37 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
RSCL Mumbai wrote:

On Fri, May 15, 2009 at 10:38 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:

RSCL Mumbai wrote:

On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pa...@arcor.de> wrote:

RSCL Mumbai:

What I would like to configure is to set up "specific G/ws for specific
clients".

192.168.1.100 to use G/w 192.168.1.1
192.168.1.101 to use G/w 192.168.1.1
192.168.1.102 to use G/w 192.168.1.2
192.168.1.103 to use G/w 192.168.1.2
192.168.1.104 to use G/w 192.168.1.2
192.168.1.105 to use G/w 192.168.1.3
192.168.1.106 to use G/w 192.168.1.3



I just found out that squid is removing the marking on the packet:
This is what I am doing:

(1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
(mark1 corresponds to isp1)
(2) I added a route rule which says that all packets having mark 1
will be routed through ISP 1

But the packets are not routing via ISP1

When I disable the squid redirection rule in IPTables (port 80 redirection
to 3128 squid), the markings are maintained and packets route via
ISP1.

Now the big question is why is squid removing the marking ??

Because the packets STOP at their destination software.
Normally the destination is a web server. When you NAT (redirect) a packet
to Squid it STOPS there and gets read by Squid instead of passing on to the
web server.

IF Squid needs to fetch the HTTP object requested from the network a brand
new TCP connection will be created only from Squid to the web server.

And how can this be prevented ??

By not intercepting packets. As you already noticed.


Squid offers alternatives, tcp_outgoing_address has already been mentioned.
tcp_outgoing_tos is an alternative that allows you to mark packets leaving
Squid.

I tried "tcp_outgoing_address" by adding the following to squid.conf

acl ip1 myip 10.0.0.120
acl ip2 myip 10.0.0.121
acl ip3 myip 10.0.0.122
tcp_outgoing_address 10.0.0.120 ip1
tcp_outgoing_address 10.0.0.121 ip2
tcp_outgoing_address 10.0.0.122 ip3

Restarted squid, but no help.

Pls help how I can get the route rules to work.

Simple requirement:
If packets come from src=10.0.0.120, forward them via ISP-1
If packets come from src=10.0.0.121, forward them via ISP-2
If packets come from src=10.0.0.122, forward them via ISP-3
And so forth.

Thx in advance.
Vai

To prevent the first (default) one being used you may need to do:

 tcp_outgoing_address 10.0.0.120 ip1 !ip2 !ip3
 tcp_outgoing_address 10.0.0.121 ip2 !ip1 !ip3
 tcp_outgoing_address 10.0.0.122 ip3 !ip1 !ip2


I do not have 5 real interfaces for 5 ISPs.
And I believe virtual interfaces will not work in this scenario.

Any other option pls ??

Thx & regards,
Vai


Hello Val,
Look to your routers to make this decision. You can hand out default gateway info to your clients or routers.
If you don't have 3 squid boxes [my recommendation], then
I would try 3 NICs.
If that's not available, then you need 3 VLANs.
-j
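
The per-client egress requirement discussed in this thread, as an added example that is not part of any poster's message: a dry-run shell script that prints squid.conf lines using `src` ACLs (which match the client's address) with one `tcp_outgoing_address` per client, plus the Linux policy-routing commands that send each outgoing address through its own gateway. Only the client IPs come from the thread; the outgoing addresses, gateways and table ids are constructed placeholders, and the script assumes each outgoing address is already configured on the Squid host.

```shell
#!/bin/sh
# Added example: dry-run generator. It only prints text and never changes the system.
# Constructed mapping, one line per client:
#   client IP | Squid outgoing IP | ISP gateway | routing table id
# Client IPs are from the thread; all other values are placeholders.
MAPPING='10.0.0.120 192.0.2.10 192.0.2.1 101
10.0.0.121 198.51.100.10 198.51.100.1 102
10.0.0.122 203.0.113.10 203.0.113.1 103'

# squid.conf lines: one src ACL per client and one outgoing address per ACL.
# The ACLs are mutually exclusive, so no "!other" negations are needed.
squid_conf() {
    n=0
    printf '%s\n' "$MAPPING" | while read -r client out gw table; do
        n=$((n + 1))
        printf 'acl client%d src %s\n' "$n" "$client"
        printf 'tcp_outgoing_address %s client%d\n' "$out" "$n"
    done
}

# Policy-routing commands for the Squid host: traffic sourced from each
# outgoing address uses its own table, whose default route is that ISP.
# Review the output, then run it as root.
route_commands() {
    printf '%s\n' "$MAPPING" | while read -r client out gw table; do
        printf 'ip route add default via %s table %s\n' "$gw" "$table"
        printf 'ip rule add from %s table %s\n' "$out" "$table"
    done
}

squid_conf
route_commands
```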
