john wrote:
> Hi,
> I seem to be running into a problem with tcp_outgoing_address binding
> to the incorrect interface address when sending traffic.
> I have a private subnet which is not routable which I use squid to reach
> stuff on. This is on a separate network interface on the server. Squid
> also sends other traffic out to the Internet (which seems to work fine).
> What I find is that when trying to connect to stuff on the non-routable
> subnet, it takes two requests from the browser to access it.
> I have squid configured with an acl:
> acl local_network dst 10.0.0.0/16

"dst" requires a DNS lookup. This is a "slow" category ACL as we call it
in Squid.

> and with the tcp_outgoing_address section as follows:
> tcp_outgoing_address 10.0.0.254 local_network
> tcp_outgoing_address <real ip> !local_network

tcp_outgoing_address is a "fast" category lookup, which has no guarantee
of working when using "slow" category ACL types.
You need to get the "dst" lookup results cached in squid memory by an
earlier "slow" category lookup. http_access is good for this.
One http_access line which does the lookup (for example, the line which
permits that client access to the local_network area) will make the
address lookup work in most requests (emphasis on "most", no guarantees).
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
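
An added example, not part of the original message: a squid.conf fragment that applies the advice above by testing the poster's local_network ACL in http_access before tcp_outgoing_address relies on it. The "clients" ACL, its 192.168.1.0/24 subnet, and 203.0.113.10 (standing in for the poster's <real ip>) are assumptions.

```conf
# ACL from the original post: destinations on the private, non-routable subnet.
acl local_network dst 10.0.0.0/16

# Assumption: the browsers allowed to use this proxy (hypothetical name and subnet).
acl clients src 192.168.1.0/24

# http_access can wait for "slow" ACLs. Testing local_network here makes
# Squid resolve the destination for every request from these clients, so the
# result is normally already in memory when tcp_outgoing_address is checked.
http_access allow clients local_network

# Requests from the same clients to any other destination fall through to here.
http_access allow clients
http_access deny all

# "Fast" lookups: these do not wait for DNS and only use what is already known.
tcp_outgoing_address 10.0.0.254 local_network
# Placeholder address for the poster's <real ip>.
tcp_outgoing_address 203.0.113.10 !local_network
```

As the reply says, this makes the address lookup work in most requests, not all of them. If a destination is still unresolved when tcp_outgoing_address is checked, the binding can still come out wrong for that request.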