[squid-users] use tcp_outgoing_address based on incoming port connection
Amos Jeffries
squid3 at treenet.co.nz
Mon Apr 23 11:12:21 UTC 2018
On 23/04/18 12:45, xpro wrote:
> I have the following configuration that makes incoming connections
> coming to port 8000 to use another proxy, in this case proxy8000
>
> http_port 8000 name=port_8000
> acl port_8000_acl myportname port_8000
> always_direct deny port_8000_acl

"don't always do" ... aka sometimes do, sometimes don't DNS lookup.

> never_direct allow port_8000_acl

"never do" DNS lookup.

No need for both requirements. Just use never_direct to forbid DNS being
used for that traffic.

> cache_peer 11.12.12.12 parent 20006 0 no-query default name=proxy8000
> cache_peer_access proxy8000 allow port_8000_acl
> cache_peer_access proxy8000 deny all
>
> But I want to modify it so I can tell it which local interface to use
> based on the incoming port. Right now I'm using the following in another
> Squid configuration, but it's not based on incoming port. It does it for
> all connections

You cannot do that. Squid is HTTP layer where you can, at most, request
from the OS that it assign a given IP address to the outgoing traffic.

>
> tcp_outgoing_address 172.16.11.106 # <-- that's my local ip
>
> Does tcp_outgoing_address have the same ability as cache_peer in my case?

Neither directive has the ability you are requesting.

* cache_peer determines the dst-IP for the outgoing TCP connections. If
the specific server is not available the TCP connection will fail
(because you have never_direct).

* tcp_outgoing_ip requests a specific src-IP for the outgoing TCP
connections. If that IP is not already assigned to the machine it is
invalid and the connection will be rejected.

The OS routing setup decides:
a) whether the src-IP is valid, and
b) whether the dst-IP is routable, and
c) which NIC the packets with those values go out.

Amos
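
The split described in the reply above, as an added example that is not part of the original thread: Squid requests a src-IP per listening port through an ACL on tcp_outgoing_address, and the NIC is then chosen by OS policy routing keyed on that src-IP. The second port, the 172.16.11.107 address, the 172.16.11.1 gateway, the eth0/eth1 names and the table numbers are constructed assumptions.

```conf
# squid.conf fragment (added example; values marked "constructed" are assumptions)
http_port 8000 name=port_8000
http_port 8001 name=port_8001                     # constructed second listener

acl port_8000_acl myportname port_8000
acl port_8001_acl myportname port_8001            # constructed

# Request a src-IP from the OS depending on which port the client connected to.
# Lines are evaluated in order; the first one whose ACLs all match is used.
tcp_outgoing_address 172.16.11.106 port_8000_acl
tcp_outgoing_address 172.16.11.107 port_8001_acl  # constructed address

# myportname is a client-side property. With pooled server connections a
# request from one port could reuse a connection opened with the other
# port's src-IP, so persistent server connections are disabled here.
server_persistent_connections off

# --- OS side (Linux iproute2, run as root; NOT squid.conf directives) ---
# Each src-IP must already be assigned to the machine, otherwise the
# outgoing connection is rejected:
#   ip addr add 172.16.11.107/24 dev eth1
#
# Policy routing then maps each src-IP to a NIC:
#   ip rule  add from 172.16.11.106 lookup 106
#   ip route add default via 172.16.11.1 dev eth0 table 106
#   ip rule  add from 172.16.11.107 lookup 107
#   ip route add default via 172.16.11.1 dev eth1 table 107
#
# Check which NIC the kernel picks for the peer from the original post:
#   ip route get 11.12.12.12 from 172.16.11.107
```

Squid only supplies the src-IP here; if the `ip rule` entries are missing, the kernel's main routing table decides the NIC regardless of which port the client used.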