Thanks for the response .... I have added all the rules in the /etc/iproute2/rt_tables file, which will do the splittind, that is now done. You said I should turn off my rp_filter then ? Why ... And where do I do that ( echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter ) ? Should I not use my TOS inside the squid conf file or something like : tcp_outgoing_tos 0x10 all tcp_outgoing_tos 0x20 adsl Then make an acl for each user that should use adsl : acl user1 src 10.4.27.100/255.255.255.255 And make a http_access rule : http_access allow user1 And also : tcp_outgoing_address 192.168.1.2 adsl Out of my head .... -----Original Message----- From: Brent Clark [mailto:bclark@xxxxxxxxxxxxxxx] Sent: 24 January 2006 12:12 PM To: Gert Brits Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: multiple gateways Gert Brits wrote: > Hi all > > Need some help on the following > > The company has two internet lines , so there are two gateways on the > network. > > They have one Linux Fedora 3 firewall, with 3 network cards. > > ETH0 = internal > ETH1 = external ( gateway 1 ) > ETH2 = DSL ( gateway 2 ) > > I need to split the browsing traffic for some people in the company > > I have been given 12 ip address, they must use the DSL link ( ETH2 ) > and the rest must use the EXTERNAL link ( ETH1 ) > > Please help Hi This is not a squid issue, but a routing issue. Suggest you apply to the LARTC and read the advance routing howto In the mean time, here is my routing script. ============================================================== ip route flush table DSL >>/dev/null ip route show table main | grep -Ev ^default\ | while read ROUTE ; do ip route add table DSL $ROUTE done ## Add the ADSL as route to route table DSL ip route add default via 192.168.10.200 dev eth2 table DSL >>/dev/null ## Add the route to table DSL ip rule add fwmark 1 table DSL >> /dev/null ============================================================= Here part of my rule set: #!/bin/sh - IPT=/sbin/iptables # Rules for gateway echo 0 > /proc/sys/net/ipv4/ip_dynaddr echo 0 > /proc/sys/net/ipv4/ip_forward #Clear \ Flush all the rules from the different chains and tables $IPT --flush $IPT --flush INPUT #Flush the INPUT chain $IPT --flush OUTPUT #Flush the OUTPUT chain $IPT --flush FORWARD #Flush the FORWARD chain $IPT -t nat --flush #Flush the nat table $IPT -t mangle --flush #Flush the mangle table $IPT --delete-chain #Delete any pre-existing chains $IPT -t nat --delete-chain #Delete any pre-existing chains from nat table $IPT -t mangle --delete-chain #Delete any pre-existing chains from the mangle table #Setting the default Policies for the chains $IPT --policy INPUT DROP #Setting the default policy for INPUT chain $IPT --policy FORWARD DROP #Setting the default plicy for FORWARD chain $IPT --policy OUTPUT DROP #Setting the default policy for the OUTPUT chain #Setting Nat and mangle to default policy ACCEPT $IPT -t nat --policy PREROUTING ACCEPT $IPT -t nat --policy OUTPUT ACCEPT $IPT -t nat --policy POSTROUTING ACCEPT $IPT -t mangle --policy PREROUTING ACCEPT $IPT -t mangle --policy POSTROUTING ACCEPT #Accepting traffic for and to internal interface $IPT -A INPUT -i lo -j ACCEPT #Allowing unlimited loopback traffic $IPT -A OUTPUT -o lo -j ACCEPT #Allowing unlimited loopback traffic # SNAT the Private LAN $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.111.0/24 -j SNAT --to $EXTERNALIPFORETH0 $IPT -t nat -A POSTROUTING -o eth2 -s 192.168.111.0/24 -j SNAT --to $EXTERNALIPFORETH2 $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # TO ALLOW ALL HTTP TRAFFIC OUT ETH2 $IPT -t filter -A FORWARD -i eth1 -o eth2 -p tcp --dport 80 -m state --state NEW -j ACCEPT you need to switch off the rp_filter. HTH Kind Regards Brent Clark
