On Fri, May 15, 2009 at 10:38 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> RSCL Mumbai wrote:
>>
>> On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pangj@xxxxxxxx> wrote:
>>>
>>> RSCL Mumbai:
>>>
>>>> What I would like to configure is setup "specific G/ws for specific
>>>> clients".
>>>>
>>>> 192.168.1.100 to use G/w 192.168.1.1
>>>> 192.168.1.101 to use G/w 192.168.1.1
>>>> 192.168.1.102 to use G/w 192.168.1.2
>>>> 192.168.1.103 to use G/w 192.168.1.2
>>>> 192.168.1.104 to use G/w 192.168.1.2
>>>> 192.168.1.105 to use G/w 192.168.1.3
>>>> 192.168.1.106 to use G/w 192.168.1.3
>>>>
>>
>>
>>
>> I just found out that squid is removing the marking on the packet:
>> This is what I am doing:
>>
>> (1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
>> (mark1 corresponds to isp1)
>> (2) I added a route rule which says that all packets having mark 1
>> will be routed through ISP 1
>>
>> But the packets are not routing via ISP1
>>
>> When I disable squid redirection rule in IPTables (port 80 redirection
>> to 3128 squid), the markings are maintained and packets route via
>> ISP1.
>>
>> Now the big question is why is squid removing the marking ??
>
> Because the packets STOP at their destination software.
> Normally the destination is a web server. When you NAT (redirect) a packet
> to Squid it STOPS there and gets read by Squid instead of passing on to the
> web server.
>
> IF Squid needs to fetch the HTTP object requested from the network a brand
> new TCP connection will be created only from Squid to the web server.
>
>> And how can this be prevented ??
>
> By not intercepting packets. As you already noticed.
>
>
> Squid offers alternatives, tcp_outgoing_address has already been mentioned.
> tcp_outgoing_tos is an alternative that allows you to mark packets leaving
> Squid.

I tried "tcp_outgoing_address" by adding the following to squid.conf

    acl ip1 myip 10.0.0.120
    acl ip2 myip 10.0.0.121
    acl ip3 myip 10.0.0.122
    tcp_outgoing_address 10.0.0.120 ip1
    tcp_outgoing_address 10.0.0.121 ip2
    tcp_outgoing_address 10.0.0.122 ip3

Restarted squid, but no help.

Pls help how I can get the route rules to work.

Simple requirement:

If packets come from src=10.0.0.120, forward it via ISP-1
If packets come from src=10.0.0.121, forward it via ISP-2
If packets come from src=10.0.0.122, forward it via ISP-3
And so forth.

Thx in advance.

Vai
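
Added example, not part of the thread and not the posters' or the Squid project's own configuration: a sketch of the tcp_outgoing_address alternative mentioned above, where Squid's new upstream connection is bound to a per-ISP local address and the kernel routes on that source address instead of on a packet mark. Assumptions: the Squid host owns one address per ISP link (documentation-range addresses below), the gateways and table ids are constructed, and the function names are hypothetical; the script only prints the lines for review and changes nothing.

```shell
#!/bin/sh
# Constructed mapping, one row per client:
#   client-ip  squid-outgoing-ip  isp-gateway  routing-table-id
# Client IPs come from the post; every other value is an assumption.
MAP='10.0.0.120 192.0.2.11 192.0.2.1 101
10.0.0.121 198.51.100.11 198.51.100.1 102
10.0.0.122 203.0.113.11 203.0.113.1 103'

# Accept only dotted-quad shaped values so a typo never reaches squid.conf or ip(8).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# squid.conf lines: classify by the client's source address (acl type "src"),
# then bind Squid's own upstream connection to the address tied to that ISP.
squid_conf() {
    n=0
    while read -r client out gw table; do
        is_ipv4 "$client" && is_ipv4 "$out" || { echo "bad row: $client $out" >&2; return 1; }
        n=$((n + 1))
        printf 'acl client%d src %s\n' "$n" "$client"
        printf 'tcp_outgoing_address %s client%d\n' "$out" "$n"
    done <<EOF
$MAP
EOF
}

# Policy-routing commands: traffic sourced from each outgoing address uses that
# ISP's table. The rule keys on Squid's new connection, not on the client packet
# that was redirected to port 3128, so no mark has to survive the proxy.
routing_cmds() {
    while read -r client out gw table; do
        is_ipv4 "$out" && is_ipv4 "$gw" || { echo "bad row: $out $gw" >&2; return 1; }
        printf 'ip route replace default via %s table %s\n' "$gw" "$table"
        printf 'ip rule add from %s/32 table %s\n' "$out" "$table"
    done <<EOF
$MAP
EOF
}

echo "# --- squid.conf fragment ---"
squid_conf
echo "# --- run as root on the Squid host ---"
routing_cmds
```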