[squid-users] want ignore if the ips added to the interface and force running it

[Amos Jeffries]

On 12/01/18 01:08, Antony Stone wrote:
> On Thursday 11 January 2018 at 13:02:43, Matus UHLAR - fantomas wrote:
> 
>>>> On 11/01/18 21:50, --Ahmad-- wrote:
>>>>> must the ip be attached on os interface so that squid use it as
>>>>> outgoing address ? can squid use outgoing address that not being
>>>>> attached to the interface ?
>>>>
>>>> On Jan 11, 2018, at 12:07 PM, Amos Jeffries wrote:
>>>> No it cannot.
>>
>> On 11.01.18 12:22, --Ahmad-- wrote:
>>> is this squid limitation ?
>>>
>>> or
>>>
>>> kernel limitation ?
>>
>> what about logical limitation? in order for software to use an IP address,
>> that address must be configured in the system.
> 
> I'd say it's a networking limitation.  If Squid sends packets from an address
> which is not on the server, where will the reply packets end up and what use
> are they?
> 

Indeed.

So to reply to Ahmad more clearly;

It is a limitation being _enforced_ by your kernel networking system. 
But that is only enforcement so don't think you can just patch around 
it. Patching around this one will just make you hit other errors 
elsewhere with the networking systems.


The only way to send non-assigned IPs from a machine is with mechanisms 
like TPROXY. Which places requirements on the *inbound* networking 
operates. Those inbound requirements prohibit Squid from being 
configured like you are wanting its inbound to operate.


Anyhow, I think we are getting well of track with this. My earlier 
suggested config was correct and the only way to reliably do what you 
said you wanted. Other problems can still occur, but are not related to
the problem you first posted nor to the config I suggested to make that 
requested behaviour happen.

Amos