On Mon, 2002-11-25 at 05:08, Arindam Haldar wrote:
> hi all,

hi,

>
> We are using squid 25s1 with kernel 2.4.19 and iproute2(+julian's
> Patches) with the following acl..
>
> acl short_path dst 128.0.0.0/8
> tcp_outgoing_address myIp2nd short_path
>
> we are linked to 2 isp--one having satellite & the other OFC. We want the
> above mentioned network to go thru OFC(ispB) as the sibling resides
> there. But when I use squidclient mgr:server_list command I see that rtt
> is still 650ms which is the time taken by satellite provider(ispA). The
> OFC takes 230ms.
>

    ip rule add prio 50 to 128.0.0.0/8 lookup ispB

should do the trick.

> My Question is--
> what can be done so that squid uses path according to the interface
> defined ?

I'm not sure I understand your question. But if you want all packets sent
by squid to use a specific gateway, you need to mark them, and route them
according to this.

Eg,

    iptables -t mangle -A OUTPUT -m owner --uid-owner squid_uid -j MARK --set-mark 1

Then,

    ip rule add prio 50 fwmark 1 lookup ispX

> how can locally generated packets (on the linux box) use a path as wanted
> by us(in the rules) ?
>

Same answer, mark them.

    iptables -t mangle -A OUTPUT -j MARK --set-mark 2

Then, instruct the kernel to route marked packets through a specific ISP

    ip rule add prio 50 fwmark 2 lookup ispX

> Awaiting a reply/suggestion/experience from you very anxiously..

Hope this helps.

Cheers,
Vincent.

>
> A.H
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin@kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."
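
The mark-then-route approach from the reply above, written out as one sequence (an added example, not part of the original thread). It includes the default route that the lookup table needs before the fwmark rule has any effect, and commands to check the result. The uid 31, gateway 192.0.2.1, interface eth1 and table id 200 are constructed placeholders, and the run/check_params/setup/verify helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: route one local account's traffic through a chosen uplink.
# Every value below is a constructed placeholder; adjust before use.
PROXY_UID=${PROXY_UID:-31}     # numeric uid the proxy runs as (assumption)
MARK=${MARK:-1}                # fwmark value, as in the reply
TABLE=${TABLE:-200}            # numeric table id; a name such as ispB also
                               # works once listed in /etc/iproute2/rt_tables
GATEWAY=${GATEWAY:-192.0.2.1}  # next hop of the preferred ISP (constructed)
DEVICE=${DEVICE:-eth1}         # interface facing that ISP (assumption)
PRIO=${PRIO:-50}
DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands, 0 = execute (root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Reject values that would not select the intended traffic:
# mark 0 is what unmarked packets carry, and the uid must be numeric here.
check_params() {
    case "$PROXY_UID" in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1;; esac
    case "$MARK" in ''|*[!0-9]*|0) echo "mark must be a non-zero integer" >&2; return 1;; esac
}

setup() {
    check_params || return 1
    # 1. The table needs its own default route; an empty table makes the
    #    lookup fall through to the next rule and the old uplink is used.
    run ip route replace default via "$GATEWAY" dev "$DEVICE" table "$TABLE"
    # 2. Mark packets created by the proxy's uid. mangle/OUTPUT only sees
    #    locally generated traffic, which is what the question asks about.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$PROXY_UID" \
        -j MARK --set-mark "$MARK"
    # 3. Send marked packets to that table.
    run ip rule add prio "$PRIO" fwmark "$MARK" lookup "$TABLE"
    run ip route flush cache
}

# Checks to run after setup: rule order, table contents, resolved path, counters.
verify() {
    run ip rule show
    run ip route show table "$TABLE"
    run ip route get 128.0.0.1 mark "$MARK"   # inside the thread's 128.0.0.0/8
    run iptables -t mangle -L OUTPUT -n -v    # packet count on the MARK rule
}

setup && verify
```

With the default DRY_RUN=1 the script only prints the commands; set DRY_RUN=0 and run as root to apply them.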