On Sun, May 17, 2009 at 11:37 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> RSCL Mumbai wrote:
>>
>> On Fri, May 15, 2009 at 10:38 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>>>
>>> RSCL Mumbai wrote:
>>>>
>>>> On Thu, May 14, 2009 at 4:33 PM, Jeff Pang <pangj@xxxxxxxx> wrote:
>>>>>
>>>>> RSCL Mumbai:
>>>>>
>>>>>> What I would like to configure is to set up "specific G/ws for
>>>>>> specific clients".
>>>>>>
>>>>>> 192.168.1.100 to use G/w 192.168.1.1
>>>>>> 192.168.1.101 to use G/w 192.168.1.1
>>>>>> 192.168.1.102 to use G/w 192.168.1.2
>>>>>> 192.168.1.103 to use G/w 192.168.1.2
>>>>>> 192.168.1.104 to use G/w 192.168.1.2
>>>>>> 192.168.1.105 to use G/w 192.168.1.3
>>>>>> 192.168.1.106 to use G/w 192.168.1.3
>>>>>>
>>>>
>>>> I just found out that squid is removing the marking on the packet:
>>>> This is what I am doing:
>>>>
>>>> (1) I marked packets coming from 10.0.0.120 to port 80, with "mark1"
>>>> (mark1 corresponds to isp1)
>>>> (2) I added a route rule which says that all packets having mark 1
>>>> will be routed through ISP 1
>>>>
>>>> But the packets are not routing via ISP1
>>>>
>>>> When I disable squid redirection rule in IPTables (port 80 redirection
>>>> to 3128 squid), the markings are maintained and packets route via
>>>> ISP1.
>>>>
>>>> Now the big question is why is squid removing the marking ??
>>>
>>> Because the packets STOP at their destination software.
>>> Normally the destination is a web server. When you NAT (redirect) a
>>> packet to Squid it STOPS there and gets read by Squid instead of
>>> passing on to the web server.
>>>
>>> IF Squid needs to fetch the HTTP object requested from the network a
>>> brand new TCP connection will be created only from Squid to the web
>>> server.
>>>
>>>> And how can this be prevented ??
>>>
>>> By not intercepting packets. As you already noticed.
>>>
>>> Squid offers alternatives, tcp_outgoing_address has already been
>>> mentioned.
>>> tcp_outgoing_tos is an alternative that allows you to mark packets
>>> leaving Squid.
>>
>> I tried "tcp_outgoing_address" by adding the following to squid.conf
>>
>> acl ip1 myip 10.0.0.120
>> acl ip2 myip 10.0.0.121
>> acl ip3 myip 10.0.0.122
>> tcp_outgoing_address 10.0.0.120 ip1
>> tcp_outgoing_address 10.0.0.121 ip2
>> tcp_outgoing_address 10.0.0.122 ip3
>>
>> Restarted squid, but no help.
>>
>> Pls help how I can get the route rules to work.
>>
>> Simple requirement:
>> If packets come from src=10.0.0.120, forward it via ISP-1
>> If packets come from src=10.0.0.121, forward it via ISP-2
>> If packets come from src=10.0.0.122, forward it via ISP-3
>> And so forth.
>>
>> Thx in advance.
>> Vai
>
> To prevent the first (default) one being used you may need to do:
>
> tcp_outgoing_address 10.0.0.120 ip1 !ip2 !ip3
> tcp_outgoing_address 10.0.0.121 ip2 !ip1 !ip3
> tcp_outgoing_address 10.0.0.122 ip3 !ip1 !ip2

I do not have 5 real interfaces for 5 ISPs.
And I believe virtual interfaces will not work in this scenario.
Any other option pls ??

Thx & regards,
Vai