> -----Original Message----- > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf > Of Amos Jeffries > Sent: Monday, October 22, 2018 2:10 AM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Redirect certain sites to different gateway > > On 22/10/18 12:54 PM, Donald Muller wrote: > > I have had squid running well for a while now on my NAS. The browser on > > my PC was set up to use squid. A few weeks ago I started running a VPN > > client on the same NAS. Everything still ran well. The other day I > > change the VPN configuration so that all traffic on the NAS gets routed > > through the VPN (VPN became the default gateway). Everything still ran > > fine except for a few web sites. When I tried to reach my bank, let’s > > say it is www.mybank.com, > > You bank with "United Bank & Trust"? > > When making up fake domain names please use the reserved names in the > "example" namespace: example.com, example.net, example.whatever > > "mybank" is a registered domain name - it may or may not be a real > bank. Either way no need to connect it with your problems. > Noted! > > > from my PC I received a “This site can’t be > > reached” error. I’m assuming that the bank site won’t allow connections > > from a VPN server. > > > > Assuming leads to problems and "solutions" that don't work. Test your > assumption > - check your proxy cache.log for messages about traffic to that website > - check your access.log for response status on traffic to that website > - setup a test machine that makes requests via different gateways and > see what happens differently at the TCP (and if relevant TLS) layers. > > If I do not use the VPN as the default gateway I can reach the site with no issues. Once I enable the VPN to be the default gateway the site stops working. > > > > Not sure if it is doable but is it possible via squid to redirect a > > request to a different gateway based on the URL (www.mybank.com > > <http://www.mybank.com>)? If possible how to accomplish this? > > > > What you are calling "redirect" is not possible for Squid to do itself. > The OS routing system is responsible for selecting which routing gateway > traffic goes through. > Setting up a static route is probably the preferred method but was hoping to be able to do it via a URL instead of figuring out all the IP addresses the site uses. I will attempt the static route method. > What Squid can do is mark traffic selectively with a TOS > (tp_uotgoing_tos) or nefilter/iptables MARK (tcp_outgoing_mark) the OS > uses to decide on a NIC gateway for. The dstdomain ACL can be used to > label traffic by domain. > > > But until you actually confirm your assumption was true, it may not > actually do anything useful. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
