
tcp_outgoing_address directive ignored, data goes out on default gateway


Hi,
I'm trying to use tcp_outgoing_address to forward traffic from specific users to a specific interface.

I'm running Squid 5.7 (on OpenWrt).
I have a few interfaces on my machine, two of which are VPN interfaces with IPs (internal) 10.200.0.70 and 10.102.237.50.
Trying to forward user "uk" to the interface with IP 10.200.0.70 is "ignored": I can see that the default WAN interface is used. I see it by using a simple "what is my IP" test when using the proxy, and by checking the traffic of the interfaces when sending requests.

The relevant excerpt from the Squid conf:
acl auth_users proxy_auth REQUIRED
acl wg_uk proxy_auth uk
tcp_outgoing_address 10.200.0.70 wg_uk


I can see that the IP and config are not wrong because the requests don't get 503 errors (if I change the IP to a non-existent one, e.g. 10.200.0.71, I do get 503 errors).

A small excerpt from the squid_cache.log (proxy server is 192.168.1.1, proxy client is 192.168.1.149):
2022/11/26 11:28:48.286| 17,3| FwdState.cc(394) Start: 'http://detectportal.firefox.com/canonical.html'
2022/11/26 11:28:48.286| 17,2| FwdState.cc(157) FwdState: Forwarding client request conn157 local=192.168.1.1:3128 remote=192.168.1.149:64723 FD 13 flags=1, url=http://detectportal.firefox.com/canonical.html
2022/11/26 11:28:48.287| 44,2| peer_select.cc(460) resolveSelected: Find IP destination for: http://detectportal.firefox.com/canonical.html' via detectportal.firefox.com
2022/11/26 11:28:48.287| 14,4| ipcache.cc(607) nbgethostbyname: detectportal.firefox.com
2022/11/26 11:28:48.287| 14,3| Address.cc(389) lookupHostIP: Given Non-IP 'detectportal.firefox.com': Name does not resolve
2022/11/26 11:28:48.287| 14,4| ipcache.cc(647) ipcache_nbgethostbyname_: ipcache_nbgethostbyname: HIT for 'detectportal.firefox.com'
2022/11/26 11:28:48.287| 14,7| ipcache.cc(250) forwardIp: 34.107.221.82
2022/11/26 11:28:48.287| 28,3| Checklist.cc(70) preCheck: 0x7ffd71e3d440 checking fast ACLs
2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking tcp_outgoing_address 10.200.0.70
2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking (tcp_outgoing_address 10.200.0.70 line)
2022/11/26 11:28:48.287| 28,5| Acl.cc(124) matches: checking wg_uk
2022/11/26 11:28:48.287| 29,5| UserRequest.cc(75) valid: Validated. Auth::UserRequest '0x1bad2e0'.
2022/11/26 11:28:48.287| 28,4| Acl.cc(346) cacheMatchAcl: ACL::cacheMatchAcl: cache hit on acl 'wg_uk' (0x1551ca0)
2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: wg_uk = 1
2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: (tcp_outgoing_address 10.200.0.70 line) = 1
2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: tcp_outgoing_address 10.200.0.70 = 1
2022/11/26 11:28:48.287| 28,3| Checklist.cc(63) markFinished: 0x7ffd71e3d440 answer ALLOWED for match
2022/11/26 11:28:48.287| 28,4| FilledChecklist.cc(67) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffd71e3d440
2022/11/26 11:28:48.287| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffd71e3d440
2022/11/26 11:28:48.287| 24,7| SBuf.cc(209) append: from c-string to id SBuf10501
2022/11/26 11:28:48.287| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10501
2022/11/26 11:28:48.287| 24,7| SBuf.cc(866) reAlloc: SBuf10501 new store capacity: 128
2022/11/26 11:28:48.287| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn167 local=10.200.0.70 remote=34.107.221.82:80 HIER_DIRECT flags=1, destination #1 for http://detectportal.firefox.com/canonical.html
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1177) handlePath:   always_direct = DENIED
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1178) handlePath:    never_direct = DENIED
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1179) handlePath:        timedout = 0
2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27
2022/11/26 11:28:48.288| 17,3| FwdState.cc(631) noteDestination: conn167 local=10.200.0.70 remote=34.107.221.82:80 HIER_DIRECT flags=1
2022/11/26 11:28:48.288| 17,3| FwdState.cc(1135) connectStart: 1+ paths to http://detectportal.firefox.com/canonical.html
2022/11/26 11:28:48.288| 11,7| HttpRequest.cc(468) clearError: old: ERR_NONE
2022/11/26 11:28:48.288| 17,5| AsyncCall.cc(30) AsyncCall: The AsyncCall FwdState::noteConnection constructed, this=0x1b97100 [call1887]
2022/11/26 11:28:48.288| 93,5| AsyncJob.cc(34) AsyncJob: AsyncJob constructed, this=0x1b86e18 type=HappyConnOpener [job99]
2022/11/26 11:28:48.288| 93,5| AsyncCall.cc(30) AsyncCall: The AsyncCall AsyncJob::start constructed, this=0x1b09300 [call1888]
2022/11/26 11:28:48.288| 93,5| AsyncCall.cc(97) ScheduleCall: AsyncJob.cc(26) will call AsyncJob::start() [call1888]
2022/11/26 11:28:48.288| 14,7| ipcache.cc(250) forwardIp: [2600:1901:0:38d7::]
2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27
2022/11/26 11:28:48.288| 24,6| SBuf.cc(99) assign: SBuf10502 from c-string, n=4294967295)
2022/11/26 11:28:48.288| 28,4| FilledChecklist.cc(67) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffd71e3d440
2022/11/26 11:28:48.288| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffd71e3d440
2022/11/26 11:28:48.288| 24,7| SBuf.cc(209) append: from c-string to id SBuf10503
2022/11/26 11:28:48.288| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10503
2022/11/26 11:28:48.288| 24,7| SBuf.cc(866) reAlloc: SBuf10503 new store capacity: 128
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1, destination #2 for http://detectportal.firefox.com/canonical.html
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1177) handlePath:   always_direct = DENIED
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1178) handlePath:    never_direct = DENIED
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1179) handlePath:        timedout = 0
2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27
2022/11/26 11:28:48.288| 17,3| FwdState.cc(631) noteDestination: conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1
2022/11/26 11:28:48.288| 17,7| FwdState.cc(690) notifyConnOpener: reusing pending notification about 2+ paths
2022/11/26 11:28:48.288| 14,7| ipcache.cc(231) finalCallback: 0x1af12b8
2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27
2022/11/26 11:28:48.288| 44,7| peer_select.cc(1149) interestedInitiator: PeerSelector27
2022/11/26 11:28:48.288| 24,7| SBuf.cc(209) append: from c-string to id SBuf10504
2022/11/26 11:28:48.288| 24,7| SBuf.cc(160) rawSpace: reserving 46 for SBuf10504
2022/11/26 11:28:48.288| 24,7| SBuf.cc(866) reAlloc: SBuf10504 new store capacity: 128
2022/11/26 11:28:48.288| 44,2| peer_select.cc(479) resolveSelected: PeerSelector27 found all 2 destinations for http://detectportal.firefox.com/canonical.html
2022/11/26 11:28:48.288| 44,2| peer_select.cc(480) resolveSelected:   always_direct = DENIED
2022/11/26 11:28:48.288| 44,2| peer_select.cc(481) resolveSelected:    never_direct = DENIED
2022/11/26 11:28:48.288| 44,2| peer_select.cc(482) resolveSelected:        timedout = 0


Can anyone help me understand what I'm missing?
Thanks!
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
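
The debug lines in the post record which source address Squid itself chose for each candidate path. As an added example (not part of the original post and not Squid code), this script pulls out the tcp_outgoing_address ACL verdict and the local= address of every handlePath line; the sample lines are copied from the excerpt above and the function names are hypothetical.

```python
import re

# Sample lines copied from the cache.log excerpt in the post (only the relevant ones).
SAMPLE_LOG = """\
2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: wg_uk = 1
2022/11/26 11:28:48.287| 28,3| Acl.cc(151) matches: checked: tcp_outgoing_address 10.200.0.70 = 1
2022/11/26 11:28:48.287| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn167 local=10.200.0.70 remote=34.107.221.82:80 HIER_DIRECT flags=1, destination #1 for http://detectportal.firefox.com/canonical.html
2022/11/26 11:28:48.288| 44,2| peer_select.cc(1171) handlePath: PeerSelector27 found conn168 local=[::] remote=[2600:1901:0:38d7::]:80 HIER_DIRECT flags=1, destination #2 for http://detectportal.firefox.com/canonical.html
"""

# Section 28 (ACL) verdict for a tcp_outgoing_address line: address and 0/1 result.
ACL_RE = re.compile(r"matches: checked: tcp_outgoing_address (\S+) = (\d)")
# Section 44 (peer selection) line describing one candidate path to the origin.
PATH_RE = re.compile(
    r"handlePath: \S+ found (?P<conn>conn\d+) local=(?P<local>\S+) "
    r"remote=(?P<remote>\S+) .*destination #(?P<n>\d+) for (?P<url>\S+)"
)
# A wildcard local address means Squid applied no outgoing address to that path.
UNSPECIFIED = {"[::]", "0.0.0.0"}


def summarize(log_text):
    """Return (acl_results, paths) parsed from Squid debug output."""
    acl_results, paths = [], []
    for line in log_text.splitlines():
        m = ACL_RE.search(line)
        if m:
            acl_results.append((m.group(1), m.group(2) == "1"))
            continue
        m = PATH_RE.search(line)
        if m:
            local = m.group("local")
            paths.append({
                "dest": int(m.group("n")), "conn": m.group("conn"),
                "local": local, "remote": m.group("remote"),
                "url": m.group("url"), "source_pinned": local not in UNSPECIFIED,
            })
    return acl_results, paths


def unpinned_paths(paths):
    """Paths for which Squid left the source address to the operating system."""
    return [p for p in paths if not p["source_pinned"]]


if __name__ == "__main__":
    acls, paths = summarize(SAMPLE_LOG)
    for addr, matched in acls:
        print(f"tcp_outgoing_address {addr}: matched={matched}")
    for p in paths:
        print(f"#{p['dest']} {p['conn']} local={p['local']} -> {p['remote']}")
```

On the excerpt, the ACL matches and destination #1 carries local=10.200.0.70, while the IPv6 destination #2 carries local=[::], so no outgoing address was applied to that path.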
