From: Vincent Jaussaud <tatooin@kelkoo.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Lartc & Squid
Date: Tue, 26 Nov 2002 17:43:14 +0000 [thread overview]
Message-ID: <marc-lartc-103833269706661@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103819757613791@msgid-missing>
On Mon, 2002-11-25 at 05:08, Arindam Haldar wrote:
> hi all,
hi,
>
> We are using squid 25s1 with kernel 2.4.19 and iproute2(+julian's
> Pathes) with the following acl..
>
> acl short_path dst 128.0.0.0/8
> tcp_outgoing_address myIp2nd short_path
>
> we are linked to 2 isp--one having satelite & the other OFC. We want the
> above mentioned network to go thru OFC(ispB) as the sibling resides
> there. But when i use squidclient mgr:server_list command i see that rtt
> is still 650ms which is the time taken by satelite provider(ispA). The
> OFC takes 230ms.
>
ip rule add prio 50 to 128.0.0.0/8 lookup ispB
should do the trick.
> My Question is--
> what can be done so that squid uses path according to the interface
> defined ?
I'm not sure to understand your question. But if you want all packets
sent by squid to use a specific gateway, you need to mark them, and
route them according to this.
Eg,
iptables -t mangle -A OUTPUT -m owner --uid-owner squid_uid -j MARK
--set-mark 1
Then,
ip rule add prio 50 fwmark 1 lookup ispX
> how can local generated packets(on the linux box) uses a path as wanted
> by us(in the rules) ?
>
Same answer, mark them.
iptables -t mangle -A OUTPUT -j MARK --set-mark 2
Then, instruct the kernel to route marked packets through a specific ISP
ip rule add prio 50 fwmark 2 lookup ispX
> Awaiting a reply/suggestion/experience from you very anxiously..
Hope this helps.
Cheers,
Vincent.
>
> A.H
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin@kelkoo.com
"The UNIX philosophy is to design small tools that do one thing, and do
it well."
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2002-11-26 17:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-25 4:20 [LARTC] Lartc & Squid Arindam Haldar
2002-11-26 17:43 ` Vincent Jaussaud [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-103833269706661@msgid-missing \
--to=tatooin@kelkoo.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.