On 9/01/2016 4:54 p.m., Verónica Ovando wrote: > Hi! > > I have a some specific questions about the directive > /tcp_outgoing_address/. I need to know if it could works for my deployment: > > My Squid 34.8 runs over Debian Jessie. I have a multiwan environment > with dual internet connection. > > There are some clients that visit web pages that only allow certain > public IPs to access them. Only one of my two public IPs is allowed to > access those services. I red some examples about /tcp_outgoing_address/ > from de Squid docs and other resources and they are all like this one: > > acl abc src 10.0.0.0/24 > acl xyz 10.0.2.0/24 > tcp_outgoing_address 10.1.0.1 abc > tcp_outgoing_address 10.1.0.2 xyz > tcp_outgoing_address 10.1.0.3 > > I am not sure (this is the reason of my question) if I can use the > directive in this way: > > acl pages url_regex -i "/path/to/restricted_access_pages" > tcp_outgoing_address my_gateway_ip abc > You can. The directive ACLs have access to anything in the HTTP request message, TCP client connection state, and the destination server IP but no other server details than IP. Just be aware that order is important, the first line to match for any connection will be applied and the remainder ignored. > Also, in multiwan environments frequent disconnect issues are common. > Can Squid handle the problem with /tcp_outgoing_address/, for example > when users need to access to email, for avoid those disconnection > problems? (I don't have load balancing, so the http requests use both > ADSL connections) Example: > > acl email url_regex -i "/path/to/email_pages" > tcp_outgoing_address my_gateway_ip email > No. All it does is select which IP to set on the TCP packets when opening a new outbound TCP connection. That in turn hints to the OS about which routing needs to be applied, but no more than that. It is also restricted in that the rules will only affect traffic of the same IP version as the address wanting to be set. A line with IPv4 address will have no effect on IPv6 outbound connections, and vice versa. PS / FYI: there is no good reason for a multi-WAN environment to encounter disconnection issues. If you are seeing such, then something is broken in your network routing or traffic management software. That is off topic here, but hopefully will head you in the right direction for a useful fix. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
