* [LARTC] routing between 2 lines problem, after starting squid
@ 2005-06-30 15:35 Stanislav Nedelchev
From: Stanislav Nedelchev @ 2005-06-30 15:35 UTC (permalink / raw)
To: lartc
i'm using one line on eth2 only for web traffic.
eth1 is my internal line and eth0 is my main line to the internet.
i'm marking packets like this
i have a default route on eth0
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 66
iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 80 -j MARK --set-mark 66
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 3128 -j MARK --set-mark 66
iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 3128 -j MARK --set-mark 66
iptables -t mangle -A FORWARD -p tcp --sport 80 -j MARK --set-mark 66
iptables -t mangle -A FORWARD -p tcp --dport 80 -j MARK --set-mark 66
iptables -t mangle -A FORWARD -p tcp --sport 3128 -j MARK --set-mark 66
iptables -t mangle -A FORWARD -p tcp --dport 3128 -j MARK --set-mark 66
iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 ! -d 192.168.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 3128 -s 192.168.0.0/24 ! -d 192.168.0.0/16 -j MASQUERADE
i have also
/sbin/ip route add 192.168.0.0/24 dev eth1 table natips
/sbin/ip route add 127.0.0.0/8 dev lo scope link table natips
/sbin/ip route add default via 217.10.248.1 dev eth2 table natips
/sbin/ip route flush cache
/sbin/ip rule add fwmark 66 table natips
squid is running on 192.168.0.1:3128
without squid it's working, i'm using the second line for web traffic.
with squid it's not working.
can anybody help me?
Thanks in advance.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] routing between 2 lines problem, after starting squid
@ 2005-07-01 8:22 lartc
From: lartc @ 2005-07-01 8:22 UTC (permalink / raw)
To: lartc
hi stanislav,
i am really busy, but i can comment that i think your problem is coming
from locally generated packets -- squid intercepts your web traffic,
checks its local store, and then recreates the http get and sends it off.
the local routing table is consulted, but i have had bad luck in the past
getting it to work like you want.
inside the squid.conf:
# acl normal_service_net src 10.0.0.0/255.255.255.0
# acl good_service_net src 10.0.1.0/255.255.255.0
# tcp_outgoing_address 10.0.0.1 normal_service_net
# tcp_outgoing_address 10.0.0.2 good_service_net
# tcp_outgoing_address 10.0.0.3
you can see that it is possible to set up an acl and/or select the
outgoing address (and bypass/fool the local routing table). as you are
marking packets, and if you want to be very granular, you should
probably run two instances of squid. each instance needs its own store --
do not use the same cache directory.
you can then send packets to the correct squid instance in PREROUTING
(each instance listens on a different port).
hth
cheers
charles
--
"simplified chinese" is not nearly as easy as they would
have you believe ... a superlative oxymoron" --anonymous
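As an added illustration of charles' point about locally generated packets (a constructed model, not code from the thread or from squid): a small Python simulation of which mangle chains each packet traverses. Squid's own upstream connections enter at OUTPUT, never PREROUTING or FORWARD, so the fwmark 66 rules never fire and the main table sends them out eth0; the hypothetical OUTPUT rule using the owner match (the `squid` uid name is an assumption) shows how they can be marked.

```python
# Constructed model of netfilter mangle-chain traversal (not the kernel or squid):
# shows why the thread's PREROUTING/FORWARD marks never touch the connections
# squid itself opens, and how an OUTPUT rule with the owner match would.
from dataclasses import dataclass
from typing import Optional
FORWARD_PATH = ("PREROUTING", "FORWARD", "POSTROUTING")  # packets routed through the box
LOCAL_OUT_PATH = ("OUTPUT", "POSTROUTING")                # packets a local process sends

@dataclass
class Rule:                          # one "iptables -t mangle -A <chain> ... -j MARK" line
    chain: str
    mark: int
    in_iface: Optional[str] = None   # -i
    dport: Optional[int] = None      # --dport
    uid_owner: Optional[str] = None  # -m owner --uid-owner (valid in OUTPUT only)

@dataclass
class Packet:
    in_iface: Optional[str]          # None means locally generated
    dport: int
    owner: Optional[str] = None      # uid of the sending process, if local
    mark: int = 0

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.in_iface is None or rule.in_iface == pkt.in_iface)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.uid_owner is None or rule.uid_owner == pkt.owner))

def egress(pkt: Packet, rules: list) -> str:
    """Walk the chains this packet sees, then apply 'ip rule add fwmark 66 table natips'."""
    path = LOCAL_OUT_PATH if pkt.in_iface is None else FORWARD_PATH
    for chain in path:
        for rule in rules:
            if rule.chain == chain and matches(rule, pkt):
                pkt.mark = rule.mark
    return "eth2" if pkt.mark == 66 else "eth0"  # natips defaults via eth2, main via eth0

# The thread's mark rules (dport subset; the --sport rules only affect reply packets).
THREAD_RULES = [Rule("PREROUTING", 66, in_iface="eth1", dport=80),
                Rule("PREROUTING", 66, in_iface="eth1", dport=3128),
                Rule("FORWARD", 66, dport=80), Rule("FORWARD", 66, dport=3128)]
# Hypothetical fix (uid name "squid" assumed): also mark what the squid process sends, i.e.
#   iptables -t mangle -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j MARK --set-mark 66
FIX_RULES = THREAD_RULES + [Rule("OUTPUT", 66, dport=80, uid_owner="squid")]

def client_direct(rules) -> str:   # no squid: client request forwarded in from eth1
    return egress(Packet(in_iface="eth1", dport=80), rules)

def squid_fetch(rules) -> str:     # squid on 192.168.0.1 fetching from the origin server
    return egress(Packet(in_iface=None, dport=80, owner="squid"), rules)
```

With the thread's rules, `client_direct` leaves via eth2 but `squid_fetch` via eth0; adding the OUTPUT rule moves squid's fetch to eth2 as well.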