On Tue, 2 Mar 2010 09:05:53 +0800, "luke" <luke@xxxxxxxxxxxx> wrote:
> hi all
> my network interface
> eth0 wan1
> eht1 wan2
> ent2 wan3
> eth3 lan 192.168.1.0/24
>
> my iptable T1
> wan1 ip dev eth0 scope link
> 192.168.1.0/24 dev eth3 scope link
> default via wan1's dev eth0
>
> iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -j MARK --set-mark 1
>

The layering diagram ...
http://www.novell.com/info/primer/art/prim02.gif

Please note:

* Squid is a layer 7 program with a bit of fuzziness downward into layers 6 and 5.

* eth1/wan1/wan2/wan3 are layer 3 pieces.

Make special note of layer-4 and what its purpose is. Then also notice that it sits between the NIC and eth* / wan* devices and Squid.

* IP address is a layer 4 thing.

Squid uses the default IP address of the box. As you discovered, setting tcp_outgoing_address to one specific IP address changes the IP Squid sends from. How the lower layers use the two IP addresses is up to your iptables configuration.

The addresses and links going into Squid are completely separate from the links going out of Squid.

Amos
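An added illustration of the last point, not part of the message above and not Squid code: a minimal stand-in proxy accepts a client connection and opens a separate outbound socket bound to a chosen source address, which is the role tcp_outgoing_address plays, so the origin sees the proxy's address and never the client's. The function name and the 127.0.0.x loopback addresses are constructed stand-ins (assumes Linux, where all of 127.0.0.0/8 is local).

```python
import socket
import threading


def observed_sources(outgoing_address, client_address):
    """Return (source IP the proxy sees, source IP the origin server sees)."""
    # Both listeners exist before any thread starts, so connections queue safely.
    origin = socket.create_server(("127.0.0.1", 0))   # stand-in origin server
    proxy = socket.create_server(("127.0.0.1", 0))    # stand-in for the proxy
    seen = {}

    def run_origin():
        conn, peer = origin.accept()
        seen["origin"] = peer[0]      # who the origin thinks is talking to it
        conn.close()

    def run_proxy():
        conn, peer = proxy.accept()
        seen["proxy"] = peer[0]       # inbound side: the real client address
        # Outbound side: a brand-new socket. Its source IP is whatever the
        # proxy binds, independent of the inbound connection's addresses.
        out = socket.create_connection(
            origin.getsockname(), timeout=5,
            source_address=(outgoing_address, 0))
        out.close()
        conn.close()

    threads = [threading.Thread(target=run_origin, daemon=True),
               threading.Thread(target=run_proxy, daemon=True)]
    for t in threads:
        t.start()
    # The "LAN client" connects to the proxy from its own address.
    client = socket.create_connection(
        proxy.getsockname(), timeout=5, source_address=(client_address, 0))
    for t in threads:
        t.join(5)
    for s in (client, proxy, origin):
        s.close()
    return seen["proxy"], seen["origin"]


if __name__ == "__main__":
    # 127.0.0.3 plays the LAN client, 127.0.0.2 the configured outgoing address.
    print(observed_sources("127.0.0.2", "127.0.0.3"))
```

Because the outbound packets are generated by the proxy host itself with the bound address as source, a rule that matches the LAN subnet as source does not match them.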