Re: Route domain through different gateway

On Mon, 30 Jul 2007 03:36:08 +0200 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:

> For this you use tcp_outgoing_address combined with policy routing in
> your OS to route the traffic to the right gateway based on the source IP
> set by Squid.

Does it work with follow_x_forwarded_for? I have the following setup:

follow_x_forwarded_for allow localhost
acl our_networks src 192.168.0.0/24 192.168.2.0/24
acl my_ip src 84.32.xx.xx
http_access allow our_networks
http_access allow my_ip
tcp_outgoing_address 81.7.xx.xx my_ip
tcp_outgoing_address 193.219.xx.xx
server_persistent_connections off

If my X-Forwarded-For address is 84.32.xx.xx, the outgoing address is 193.219.xx.xx,
while it should be 81.7.xx.xx, right? If I change the 2nd tcp_outgoing_address line to
tcp_outgoing_address 81.7.xx.xx
then the outgoing address is 81.7.xx.xx.

If I don't use follow_x_forwarded_for everything works OK. squid-2.6.STABLE13.

After searching a bit, I found http://www.squid-cache.org/bugs/show_bug.cgi?id=1886.
The patch in it is a bit incorrect. The corrected patch is attached and it works with
my setup.

Regards,
Nerijus
diff -ur squid-2.6.STABLE13.orig/src/forward.c squid-2.6.STABLE13/src/forward.c
--- squid-2.6.STABLE13.orig/src/forward.c	2007-04-17 12:35:17.000000000 +0300
+++ squid-2.6.STABLE13/src/forward.c	2007-08-02 03:05:47.000000000 +0300
@@ -424,7 +424,12 @@
     aclCheck_t ch;
     memset(&ch, '\0', sizeof(aclCheck_t));
     if (request) {
-	ch.src_addr = request->client_addr;
+#if FOLLOW_X_FORWARDED_FOR
+	if (Config.onoff.acl_uses_indirect_client) {
+	    ch.src_addr = request->indirect_client_addr;
+	} else
+#endif /* FOLLOW_X_FORWARDED_FOR */
+	    ch.src_addr = request->client_addr;
 	ch.my_addr = request->my_addr;
 	ch.my_port = request->my_port;
 	ch.request = request;
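
Review bot: The added "} else" sits inside the #if FOLLOW_X_FORWARDED_FOR block while its body, "ch.src_addr = request->client_addr;", sits after the #endif with no braces, so the if/else only reads correctly once the preprocessor is expanded in your head, and a second statement added to the fallback later would silently fall outside the else. Suggest assigning ch.src_addr = request->client_addr unconditionally first and then overriding it inside the #if when Config.onoff.acl_uses_indirect_client is set. A one-line comment that the address used for this check then depends on what follow_x_forwarded_for is configured to trust would also help the next reader.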
@@ -438,7 +443,12 @@
     aclCheck_t ch;
     memset(&ch, '\0', sizeof(aclCheck_t));
     if (request) {
-	ch.src_addr = request->client_addr;
+#if FOLLOW_X_FORWARDED_FOR
+	if (Config.onoff.acl_uses_indirect_client) {
+	    ch.src_addr = request->indirect_client_addr;
+	} else
+#endif /* FOLLOW_X_FORWARDED_FOR */
+	    ch.src_addr = request->client_addr;
 	ch.my_addr = request->my_addr;
 	ch.my_port = request->my_port;
 	ch.request = request;
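
Review bot: The six added lines at -438 are a verbatim copy of the block added at -424, so the choice between request->indirect_client_addr and request->client_addr now lives in two places that have to be kept in sync. Suggest moving it into one small static helper that takes the request and returns the address to use for the ACL check, and calling it from both sites; the unbraced else that spans the #endif would then need tidying only once.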
