Hi list,

I just added a squid cache on the same server where an openvpn server is running.

This is a diagram of how things are atm:

    [adsl2:192.168.2.254]
             |
             |
         [SWITCH]================[LAN]
             |
             |
    [eth1:192.168.2.99]
             |
    [DEBIAN4/OPENVPN/SQUID]
             |
    [eth0:192.168.101.253]
             |
             |
    [ADSL1:92.168.101.254]

So, before squid, they were using this:

    iptables -A PREROUTING -i eth1 -t mangle -p tcp -m multiport --dport http,smtp,pop3,ftp,https,1863 -j MARK --set-mark 1
    echo 200 web.out >> /etc/iproute2/rt_tables
    ip rule add fwmark 1 table web.out
    ip rule ls
    ip route add default via 192.168.2.254 dev eth1 table web.out
    ip route flush cache

But after squid, it was set up as transparent, and added this line:

    iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

So now, all http traffic goes into the vpn, slow internet and slow vpn :S

..so I gave my sense of humor a shot, and tried POSTROUTING to try to send squid's outgoing traffic back to ADSL2:

    iptables -A POSTROUTING -o eth0 -t mangle -p tcp -m multiport --dport http,smtp,pop3,ftp,https,1863 -j MARK --set-mark 2
    echo 202 www.out >> /etc/iproute2/rt_tables
    ip rule add fwmark 2 table www.out
    ip route add default via 192.168.2.254 dev eth1 table www.out
    ip route flush cache

Unfortunately, I still see packets going into ADSL1, and I see this error when I run the fw script:

    RTNETLINK answers: File exists

So, here I am, asking for help, please and thanks. I hope I gave you enough info :s
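
For the setup described in the post, an added example (not part of the original message) of a re-run-safe script that steers Squid's own outbound HTTP through ADSL2. It assumes Squid runs as the Debian package's `proxy` user; the `DRY_RUN` switch and the function names are hypothetical helpers, while the addresses, mark 2 and table `www.out` are taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: Squid runs as
# user "proxy" (Debian package default); table and mark numbers follow the post.
SQUID_USER=${SQUID_USER:-proxy}
GW=192.168.2.254 DEV=eth1 SRC=192.168.2.99   # ADSL2 side, from the diagram
MARK=2 TABLE=www.out TABLE_ID=202
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Print the command when DRY_RUN=1, otherwise execute it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Delete-then-add keeps re-runs from stacking duplicate iptables rules.
ipt_once() {   # usage: ipt_once <table> <chain> <rule...>
    t=$1 c=$2; shift 2
    [ "${DRY_RUN:-0}" = 1 ] || iptables -t "$t" -D "$c" "$@" 2>/dev/null || true
    run iptables -t "$t" -A "$c" "$@"
}

setup_squid_route() {
    # Name the table once; an unconditional ">>" appends a line on every run.
    grep -q "^$TABLE_ID[[:space:]]" "$RT_TABLES" 2>/dev/null ||
        run sh -c "echo '$TABLE_ID $TABLE' >> '$RT_TABLES'"
    # "ip route add" fails with "File exists" if the route is already there;
    # "replace" is idempotent.
    run ip route replace default via "$GW" dev "$DEV" table "$TABLE"
    [ "${DRY_RUN:-0}" = 1 ] || ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null || true
    run ip rule add fwmark "$MARK" table "$TABLE"
    # Squid's requests are locally generated: they never cross PREROUTING, and
    # POSTROUTING runs after the routing decision. Mark them in mangle OUTPUT,
    # which re-routes the packet when the mark changes. "--dport 80" leaves
    # Squid's replies to LAN clients (source port 3128) unmarked.
    ipt_once mangle OUTPUT -p tcp --dport 80 -m owner --uid-owner "$SQUID_USER" \
        -j MARK --set-mark "$MARK"
    # The source address was chosen for eth0 before the re-route; rewrite it.
    ipt_once nat POSTROUTING -o "$DEV" -m mark --mark "$MARK" \
        -j SNAT --to-source "$SRC"
    run ip route flush cache
}

if [ "${1:-}" = apply ]; then setup_squid_route; fi
```

Run it with `DRY_RUN=1 sh script.sh apply` to print the commands without touching the firewall or routing tables.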