Re: 3 ISPs: Routing problem

RSCL Mumbai wrote:
I have them off. My squid.conf as below....
~~~~~~~~~~
client_persistent_connections off
server_persistent_connections off
~~~~~~~~~~

Chris, if possible, can you pls share your acl rules for "tcp_outgoing_address".

Sure.

acl all src all
acl CONNECT method CONNECT
acl PURGE method PURGE
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl directHost dst "/home/squid2/acls/directHostIPlist"
acl windowsUpdateHosts dstdomain .download.windowsupdate.com .windowsupdate.microsoft.com .update.microsoft.com
acl siteIPs src "/home/squid2/acls/allowedIPlist"
acl directClient src "/home/squid2/acls/directClientIPlist"
acl deniedHost src "/home/squid2/acls/deniedIPlist"
acl blockurls url_regex -i "/home/squid2/acls/blockurls"
acl allowurls url_regex -i "/home/squid2/acls/allowurls"
acl blockdoms dstdomain "/home/squid2/acls/blockdoms"
acl allowdoms dstdomain "/home/squid2/acls/allowdoms"
acl secondIP myip 10.4.5.3/32
http_access allow manager localhost
http_access allow manager siteIPs
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
always_direct allow directHost
always_direct allow directClient
always_direct allow allowdoms
always_direct allow allowurls
never_direct allow all
http_access allow localhost
http_access allow directHost
http_access allow windowsUpdateHosts
http_access deny deniedHost
http_access allow directClient
http_access deny !secondIP blockdoms
http_access deny !secondIP blockurls
http_access allow siteIPs
http_access deny all
http_port 8080
tcp_outgoing_address 10.4.5.3 secondIP
cache_peer proxypool-1.domain parent 8080 7 no-query sourcehash
cache_peer proxypool-2.domain parent 8080 7 no-query sourcehash
cache_dir aufs /home/squid2/cache 2048 16 256
maximum_object_size 15360 KB
access_log /home/squid2/logs/access.log squid !secondIP
access_log /home/squid2/logs/access2.log squid secondIP
cache_store_log none
cache_swap_log /home/squid2/logs/swap.log
logfile_rotate 0
pid_filename /var/run/squid.pid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_effective_user squid
server_persistent_connections off
snmp_port 0
icp_port 0
deny_info ERR_LOCAL_BLOCK blockurls blockdoms
deny_info ERR_NO_OPEN_PROXY siteIPs
nonhierarchical_direct off
coredump_dir /home/squid2/cache

[root@site ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:81:31:83:10
         inet addr:10.4.5.10 Bcast:10.4.7.255 Mask:255.255.252.0
         inet6 addr: fe80::2e0:81ff:fe31:8310/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:889599678 errors:0 dropped:0 overruns:0 frame:0
         TX packets:680257590 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:438674074 (418.3 MiB)  TX bytes:1745642770 (1.6 GiB)

eth0:0 Link encap:Ethernet HWaddr 00:E0:81:31:83:10
         inet addr:10.4.5.3 Bcast:10.4.7.255 Mask:255.255.252.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
         inet addr:127.0.0.1 Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:23965032 errors:0 dropped:0 overruns:0 frame:0
         TX packets:23965032 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:1704976156 (1.5 GiB)  TX bytes:1704976156 (1.5 GiB)

[root@site ~]# /home/squid2/bin/squid -v
Squid Cache: Version 2.7.STABLE5
configure options: '--bindir=/home/squid2/bin' '--sbindir=/home/squid2/bin' '--libexecdir=/home/squid2/bin' '--datadir=/home/squid2/etc' '--sysconfdir=/etc/squid' '--localstatedir=/home/squid2' '--mandir=/usr/man' '--enable-err-languages=English' '--enable-snmp' '--with-large-files' '--disable-ident-lookups' '--disable-useragent-log' '--disable-referer-log' '--enable-storeio=ufs,aufs'

Just want to make sure my rules are correct.
I tried with 2 nics and it did not work.

Also, I have to manage 5 ISPs.
I do not have the possibility of adding 5 lan cards in my server.

I read on the net that IPTables and route2 do not support virtual interfaces.

Looks like I have limited / no options here.

Thx.

Vai

Chris
