[squid-dev] squid tcp_outgoing_address feature not working

Amos Jeffries squid3 at treenet.co.nz
Wed Apr 15 10:10:33 UTC 2015


On 15/04/2015 9:16 p.m., naishal0748 wrote:
> I have setup squid transparent proxy with following configurations in
> centos 6.2 :
>
> eth0 - LAN Network
> eth1 - WAN1 - IP - 192.168.3.15 - Gateway IP - 192.168.3.1
> eth2 - WAN2 - IP - 192.168.5.15 - Gateway IP - 192.168.5.1 (Default Gateway)
>
> I want to route 10.2.0.0/16 traffic to WAN1
>
> I have used my squid.conf file to mention that as below
>
> acl localnet src 10.2.0.0/16
>
> tcp_outgoing_address 192.168.3.15 localnet
>
> But all the traffic is going through eth2 only. I want all the traffic
> to go through eth1 based on my source address.

Welcome to the world of application layer gateways.

There is no guarantee that IPv4 is being used outbound. You may in fact
be using IPv6 to contact servers.
All that means is that you need to set a WAN1 IPv6 address in a second
tcp_outgoing_address line for the IPv6.


Also be aware the selection of NIC is entirely up to the kernel routing
logics. Older Linux were well-known for their annoying ability to accept
or send from any NIC using any IP assigned to the machine, depending on
whether you had some voodoo setup in the routing config or not. CentOS
uses ancient enough kernels that it probably does not have the bug fixes
for that.

So, double check that Squid is actually sending from 192.168.3.15 like
you expect. If not we can help you a little further to figure out why
and see if that fixes things for you.


One other effect I've seen in action is that NAT on outbound can take
Squid's tcp_outgoing_address and change it so the packets go out the
wrong NIC with different IP entirely.


Otherwise it's a kernel routing problem, and we probably can't help with that.

>
> I have already setup routing on my linux server for eth1 and eth2.
>
> Someone please help.

NP: Please use squid-users for this type of help query in future.

Amos
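
Added example (not part of the message above and not Squid's own tooling): one way to do the "double check that Squid is actually sending from 192.168.3.15" step, by tallying the local source addresses of Squid's server-side connections in `ss -tnp` output, IPv6 included. The sample output, the 10.2.0.1:3129 listener, the peer addresses and the rule "peer port 80 or 443 means server-side" are assumptions constructed for this example.

```shell
#!/bin/sh
# Constructed sample of `ss -tnp` output (not captured from a real host).
# On a live proxy, feed the real output instead:  ss -tnp | squid_sources
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.2.0.1:3129 10.2.4.7:51514 users:(("squid",pid=1201,fd=14))
ESTAB 0 0 192.168.3.15:40112 203.0.113.10:80 users:(("squid",pid=1201,fd=15))
ESTAB 0 0 192.168.5.15:40980 203.0.113.20:443 users:(("squid",pid=1201,fd=17))
ESTAB 0 0 [2001:db8:5::15]:41822 [2001:db8:ffff::80]:443 users:(("squid",pid=1201,fd=19))
ESTAB 0 0 192.168.5.15:22 192.168.5.40:50222 users:(("sshd",pid=900,fd=3))'

# Read `ss -tnp` output on stdin and print "<count> <local address>" for
# every established squid connection whose peer port is 80 or 443.
# Assumption: those peer ports identify the server-side (outbound) sockets.
squid_sources() {
    awk '$1 == "ESTAB" && /"squid"/ {
        n = split($5, peer, ":")            # last piece is the peer port
        if (peer[n] != 80 && peer[n] != 443) next
        src = $4
        sub(/:[0-9]+$/, "", src)            # strip the local port, keep [v6] brackets
        count[src]++
    }
    END { for (s in count) print count[s], s }' | LC_ALL=C sort -k2
}

# Print every source address in use that is not among the expected ones
# (given as arguments) and return 1 if there is any, 0 otherwise.
unexpected_sources() {
    bad=$(squid_sources | while read -r _count src; do
        ok=no
        for want in "$@"; do
            if [ "$src" = "$want" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$src"; fi
    done)
    if [ -z "$bad" ]; then return 0; fi
    printf '%s\n' "$bad"
    return 1
}

# Demo on the constructed sample: only the WAN1 IPv4 address is expected.
if ! printf '%s\n' "$SAMPLE" | unexpected_sources 192.168.3.15; then
    echo "Squid is also sending from the addresses listed above"
fi
```

An IPv6 source in the list corresponds to the missing second tcp_outgoing_address line; an unexpected IPv4 source means the configured address is not being applied or is being rewritten before the socket is observed.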


