On Fri, 29 Apr 2005, jonathan wrote:
> I have two internet connections on the server and of course another one for the local network. I use meta-data marking (netfilter / fwmark) to route the packets to ISP1 or ISP2 according to the destination port.
> It works very well if the proxy is inactive, but when I activate squid (with port redirection), packets are going to any output interface, ignoring the packet marking rules.

This is because Squid is the origin of all packets then, and your meta-data marking is most likely no longer active.

> But now I am "terrified" because I have just read in this mailing list that squid doesn't support the meta-data marking.

Correct. Not supported by the kernel.

> Is that right, and why? Has anybody used both successfully? Is there another solution for my problem?

You need to set up similar mark rules in your OUTPUT mangle chain.

Regards
Henrik
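
The advice above, sketched as an added example that is not part of the original message: the same destination-port mark is placed in both the PREROUTING chain (forwarded LAN traffic) and the OUTPUT chain (packets Squid itself originates). All marks, table numbers, gateways, interfaces, ports and the LAN prefix are constructed placeholders, and the MASQUERADE rule is an addition not mentioned in the thread.

```shell
#!/bin/sh
# Added example: fwmark policy routing that also covers locally generated
# (Squid) traffic. Every value below is a constructed placeholder.

LAN="192.168.0.0/24"            # assumed local network, never sent to an ISP

# One uplink per line: mark:table:gateway:device:tcp-dports (assumed values)
UPLINKS="1:101:192.0.2.1:eth1:80,443
2:102:198.51.100.1:eth2:25,110"

# Print the commands instead of running them, so the rule set can be
# reviewed first. To apply: gen_rules | sh   (as root)
gen_rules() {
    echo "$UPLINKS" | while IFS=: read -r mark table gw dev ports; do
        # One routing table per uplink, selected by the packet mark.
        echo "ip route add default via $gw dev $dev table $table"
        echo "ip rule add fwmark $mark table $table"

        # PREROUTING sees forwarded packets only. Packets created on this
        # host (Squid's outgoing requests) enter netfilter at OUTPUT, so the
        # identical rule is needed there as well.
        for chain in PREROUTING OUTPUT; do
            echo "iptables -t mangle -A $chain -p tcp ! -d $LAN -m multiport --dports $ports -j MARK --set-mark $mark"
        done

        # A local socket picks its source address before the OUTPUT mark
        # triggers re-routing, so rewrite the source to match the uplink
        # the packet actually leaves on.
        echo "iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE"
    done
}

gen_rules
```

After applying, `iptables -t mangle -L OUTPUT -v -n` shows per-rule packet counters, which confirms whether Squid's outgoing requests are actually being marked.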