On 27/06/2014 6:43 p.m., Nishant Sharma wrote: > On Friday 27 June 2014 11:58 AM, Nishant Sharma wrote: >> >> On Friday 27 June 2014 10:05 AM, Amos Jeffries wrote: >>>> acl even src 0.0.0.0/0.0.0.1 >>>> tcp_outgoing_address wan1 even >>>> tcp_outgoing_address wan2 !even >>>> >> wan1 & wan2 in the config are the actual WAN IP Addresses (IPv4) and NAT >> rules are properly set-up for both the WANs. If I divide the LAN into >> two /25 subnets it works fine. But not with masked bits. >> >> Is there any debug option that I could enable to see how these ACLs are >> being matched or by-passed? "debug_options ALL,9" can be an overkill for >> this? > > Here are the debug logs. I see that it is trying to compare SRC-IP:Port > pair against the ACL and result is always "0". > > Any pointers? Ah, Squid-3 is using CIDR masking. Sorry should have remembered earlier how strict this is. The two /25 subnets (or groups of /26 etc) is the way to go. Amos
