On 7/16/23 08:03, Scott wrote:
Hi all, I have four IPv4s that I use for outgoing source addresses to origin servers. I currently have them used randomly, but this sometimes causes issues for certain sites that get confused if your source changes for various resources. For these sites I have an exception to the random IPs. I decided to create the following acls which should match on the 2 low-order bits in the client addresses: acl tm_src_v4_00 src 10.0.0.0 255.0.0.3
The above adds two IP addresses to the tm_src_v4_00 ACL: 10.0.0.0 and 255.0.0.3.
Try this (untested but matching the documented syntax) instead: acl tm_src_v4_00 src 10.0.0.0/255.0.0.3 HTH, Alex.
acl tm_src_v4_01 src 10.0.0.1 255.0.0.3 acl tm_src_v4_10 src 10.0.0.2 255.0.0.3 acl tm_src_v4_11 src 10.0.0.3 255.0.0.3 tcp_outgoing_address 10.1.22.21 tm_src_v4_00 tcp_outgoing_address 10.1.22.22 tm_src_v4_01 tcp_outgoing_address 10.1.22.23 tm_src_v4_10 tcp_outgoing_address 10.1.22.24 tm_src_v4_11 However I did not get the behaviour I was after, rather all clients use the same outgoing address. Is there a way to share multiple outgoing IPs while maintaining consistency per-source? Follow-up: can I do the same for IPv6 clients? Thanks, Scott PS: As an aside, the following ACL generated the following warning: acl tm_src_11 src 0.0.0.3 0.0.0.3 Configuration for squid passes. 2023/07/15 23:38:40| WARNING: (B) '0.0.0.3' is a subnetwork of (A) '0.0.0.3' 2023/07/15 23:38:40| WARNING: because of this '0.0.0.3' is ignored to keep splay tree searching predictable 2023/07/15 23:38:40| WARNING: You should probably remove '0.0.0.3' from the ACL named 'tm_src_11' Could someone please explain what the issue is with that ACL? Thanks. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users