Thanks for your reply,
so I can tell Squid:
traffic to <destination> must use gateway X
but not:
traffic from <source> must use gateway X
Do I understand?
On 01/03/2014 11:54, Amos Jeffries wrote:
On 1/03/2014 10:33 p.m., Kevin Lesage wrote:
Hello,
I'm using pfSense 2.1 with Squid 3.1.20.
I have 2 WAN and 2 LAN interfaces:
Wan1 : 10.0.0.100/24 => Gateway 10.0.0.138/24 (default)
Wan2 : 192.168.1.100/24 => Gateway 192.168.1.100/24
Lan1 : 192.168.50.0/24
Lan2 : 172.16.0.0/16
With firewall rules, I can get computers from the Lan1 subnet to access the
internet only through WAN1, and computers from the Lan2
subnet only through WAN2.
But when I ask Squid to bind interfaces LAN1 and LAN2, and add custom
options:
acl LAN1 src 192.168.50.0/24
acl LAN2 src 172.16.0.0/16
tcp_outgoing_address 10.0.0.100 LAN1
tcp_outgoing_address 192.168.1.100 LAN2
all HTTP traffic passes through only one WAN gateway, which is
10.0.0.138 (default)!
How can I do this?
Squid does not "bind interfaces" and neither does it have anything
directly to do with routing decisions. All it does is set the source IP
address on outgoing packets and let the OS decide which interface is used.
Two things may be happening:
1) If neither of your ACLs are matching, the default/master IP for the
machine will be used instead of the configured ones. Usually that is the
primary IP on eth0.
2) Routing rules are usually based on destination IP in my experience,
rather than source IPs. If your gateway decision is indeed based on
10.0.0.0/24 and 192.168.1.0/24 networks then all other packets including
those destined to Internet ranges will be using the default gateway.
Amos
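
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small model of Squid's first-match tcp_outgoing_address selection followed by a destination-only route lookup, next to a source-based lookup. The addresses are the ones quoted in the thread; the destination 203.0.113.10, the sample client addresses, the policy rule and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed model using the addresses quoted in the thread.
SQUID_RULES = [  # (ACL source network, tcp_outgoing_address)
    ("192.168.50.0/24", "10.0.0.100"),   # acl LAN1
    ("172.16.0.0/16", "192.168.1.100"),  # acl LAN2
]
MAIN_TABLE = [  # (destination prefix, gateway or None if on-link, interface)
    ("0.0.0.0/0", "10.0.0.138", "WAN1"),
    ("10.0.0.0/24", None, "WAN1"),
    ("192.168.1.0/24", None, "WAN2"),
]
# Hypothetical source-based rule; gateway value is the one given in the thread.
POLICY_RULES = [("192.168.1.100/32", "192.168.1.100", "WAN2")]


def squid_source(client_ip):
    """First matching tcp_outgoing_address wins; None means the OS picks."""
    client = ipaddress.ip_address(client_ip)
    for acl_net, outgoing in SQUID_RULES:
        if client in ipaddress.ip_network(acl_net):
            return outgoing
    return None


def route_by_destination(dst):
    """Longest-prefix match on the destination only; the source is ignored."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in MAIN_TABLE
               if addr in ipaddress.ip_network(p)]
    _, gateway, iface = max(matches, key=lambda m: m[0].prefixlen)
    return gateway, iface


def egress(client_ip, dst, use_policy=False):
    """Return (source IP, gateway, interface) for one proxied request."""
    src = squid_source(client_ip)
    if use_policy and src is not None:
        for prefix, gateway, iface in POLICY_RULES:
            if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
                return src, gateway, iface
    return (src, *route_by_destination(dst))


if __name__ == "__main__":
    for policy in (False, True):
        print(policy, egress("172.16.5.9", "203.0.113.10", use_policy=policy))
```

With destination-only routing the LAN2 client's request carries source 192.168.1.100 but still leaves through 10.0.0.138; only the source-based rule sends it out WAN2.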