Hi,
I seem to be running in to a problem with tcp_outgoing_address binding to
the incorrect interface address when sending traffic.
I have a private subnet which is not routable which I use squid to reach
stuff on. This is on a seperate network interface on the server. Squid
also sends other traffic out to the Internet (which seems to work fine).
What I find is that when trying to connect to stuff on the non-routable
subnet, it takes two requests from the browser to access it.
I have squid configured with an acl:
acl local_network dst 10.0.0.0/16
and with the tcp_outgoing_address section as follows:
tcp_outgoing_address 10.0.0.254 local_network
tcp_outgoing_address <real ip> !local_network
netstat shows that Squid sends out a SYN but with the wrong source
address (uses the real IP) on the first attempt, and this fails as it
can't route to that network on that interface. If I re-send the request in
the browser (hit enter in address bar), it then sends the request from the
correct local IP and subsquently works.
Can anyone suggest what's wrong?
Thanks,
john
