Thanks for the help! I read over the rules and it was quite easy to set
up what I needed once I had the right directive. I simply set up the
following.

    # Set up our ACL for high throughput sites
    acl high_throughput dstdomain .amazonaws.com
    # Bind high throughput to the wireless interface
    tcp_outgoing_address 116.90.140.xx high_throughput

However we're having a side effect issue. Our router box is a bit old
(an old P4), and we can't keep up with the squid demands due to the
number of users with 2 GB of RAM. Is there a directive that I can tell
squid not to proxy connections unless they meet the "high_throughput"
acl? I looked and couldn't find any bypass directives that met what I
needed.

Thanks,
Todd

Amos Jeffries wrote:

On Mon, 28 Sep 2009 16:21:16 +1300, Todd Nine <todd@xxxxxxxxxxxxxxxxxx>
wrote:

Hi all,
I'm using squid on a pfSense router we've built. We have 2
connections, one we pay for usage (DSL) and one we do not (Wireless).
We use Amazon S3 extensively at work. We've been attempting to route
all traffic over the wireless via an IP range, but as S3 can change IPs,
this doesn't work and we end up with a large bill for our DSL. Is it
possible to have squid route connections via a specific interface if a
hostname such as "amazonaws.com" is in the HTTP request header?

Thanks,
Todd

Yes you can.

Find an IP assigned to the interface you want traffic to go out. Use the
tcp_outgoing_addr directive and ACLs that match the requests to make sure
all the requests to that domain are assigned that outgoing address. Then
make sure the OS sends traffic from that IP out the right interface.

Amos

--
todd
SENIOR SOFTWARE ENGINEER
todd nine | spidertracks ltd | 117a the square
po box 5203 | palmerston north 4441 | new zealand
P: +64 6 353 3395 | M: +64 210 255 8576
E: todd@xxxxxxxxxxxxxxxxxx
W: www.spidertracks.com
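
Added example, not part of the original thread and not Squid's own code: a simplified Python model of how the `dstdomain` ACL and `tcp_outgoing_address` line from the post decide which requests leave from the wireless address. The address `192.0.2.10` is a placeholder for the redacted `116.90.140.xx`, and the hostnames are constructed samples.

```python
# Simplified model of Squid's dstdomain ACL and tcp_outgoing_address selection.
# Added illustration only; this is not Squid source code.

WIRELESS_ADDR = "192.0.2.10"  # placeholder (RFC 5737) for the redacted 116.90.140.xx

# The two configuration lines from the post, expressed as data.
ACLS = {"high_throughput": [".amazonaws.com"]}
OUTGOING_RULES = [(WIRELESS_ADDR, ["high_throughput"])]


def dstdomain_match(host, patterns):
    """A leading-dot pattern matches the domain itself and any subdomain."""
    host = host.lower()
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("."):
            # ".amazonaws.com" matches "amazonaws.com" and "x.amazonaws.com",
            # but not "notamazonaws.com" (no label boundary before the suffix).
            if host == pat[1:] or host.endswith(pat):
                return True
        elif host == pat:
            return True
    return False


def outgoing_address(host, rules=OUTGOING_RULES, acls=ACLS):
    """First rule whose ACLs all match wins; None means the OS picks the source."""
    for addr, names in rules:
        if all(dstdomain_match(host, acls[n]) for n in names):
            return addr
    return None


# Constructed request hostnames, not taken from real traffic.
SAMPLE_HOSTS = [
    "s3.amazonaws.com",
    "mybucket.s3.amazonaws.com",
    "AmazonAWS.com",
    "notamazonaws.com",
    "amazonaws.com.example.net",
    "files.example.com",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        chosen = outgoing_address(h) or "default (OS-chosen) address"
        print(f"{h:28} -> {chosen}")
```

The ACL is compared against the hostname in the request, so a hostname on another domain (such as `files.example.com` above) is not bound to the wireless address even if it happens to be served from S3.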