From: gypsy <gypsy@iswest.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Two internet lines and squid problem.
Date: Fri, 19 Aug 2005 03:09:46 +0000
Message-ID: <43054D7A.CCDB7207@iswest.com>
In-Reply-To: <485817760508180545204aff01@mail.gmail.com>

Stanislav Nedelchev wrote:
> 
> I have 2 internet connections and I'm trying to use squid as a transparent proxy,
> but every time squid is using the first internet line, but I want to use
> the second internet line.
> I have these settings, and without squid it's working.
> I have the default route on the first internet connection.
> iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to 217.10.248.135
> /sbin/ip route add default via 217.10.248.135 dev eth2 table natips
> /sbin/ip rule add fwmark 66 table natips
> 
> iptables -t mangle -I PREROUTING  -i eth1 -p tcp  --dport 80 -j MARK --set-mark 66
> 
> iptables -t mangle -A FORWARD  -i eth1 -p tcp --dport 80  -j MARK --set-mark 66
> 
> I tried to solve the problem by moving squid to another computer, and I added
> additional rules like
> /sbin/ip route add default via 217.10.248.135 dev eth2 table natips
> /sbin/ip route add default via 192.168.0.11 dev eth1 table squid
> /sbin/ip route flush cache
> /sbin/ip rule add fwmark 67 table squid
> /sbin/ip rule add fwmark 66 table natips
> 
> iptables -t mangle -I PREROUTING  -i eth1 -p tcp -s 192.168.0.11 --dport 80 -j MARK --set-mark 66
> iptables -t mangle -I PREROUTING  -i eth1 -p tcp -d ! 192.168.0.11 --dport 80 -j MARK --set-mark 67
> 
> iptables -t mangle -A FORWARD  -i eth1 -s 192.168.0.11 -p tcp --dport 80 -j MARK --set-mark 66
> iptables -t mangle -A FORWARD  -i eth1 -p tcp -s ! 192.168.0.11 --dport 80  -j MARK --set-mark 67
> iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to 217.10.248.135
> In this case web traffic is working, but pages that use SSL, like gmail.com,
> are not working.
> Can anybody help me to use squid as a transparent proxy with 2
> internet connections and to use the second one?
> Thanks in advance.

I don't know anything at all about squid, but I recall a posting here
regarding HTB and squid where the poster suggested a patch for squid. 
You might want to google "lartc squid patch" and see if there is
anything that helps.  You might also want to google lists.netfilter.org.
--
gypsy