[squid-users] want ignore if the ips added to the interface and force running it
Amos Jeffries
squid3 at treenet.co.nz
Thu Jan 11 12:37:56 UTC 2018
On 12/01/18 01:08, Antony Stone wrote:
> On Thursday 11 January 2018 at 13:02:43, Matus UHLAR - fantomas wrote:
>
>>>> On 11/01/18 21:50, --Ahmad-- wrote:
>>>>> must the ip be attached on os interface so that squid use it as
>>>>> outgoing address ? can squid use outgoing address that not being
>>>>> attached to the interface ?
>>>>
>>>> On Jan 11, 2018, at 12:07 PM, Amos Jeffries wrote:
>>>> No it cannot.
>>
>> On 11.01.18 12:22, --Ahmad-- wrote:
>>> is this squid limitation ?
>>>
>>> or
>>>
>>> kernel limitation ?
>>
>> what about logical limitation? in order for software to use an IP address,
>> that address must be configured in the system.
>
> I'd say it's a networking limitation. If Squid sends packets from an address
> which is not on the server, where will the reply packets end up and what use
> are they?
>
Indeed.
So to reply to Ahmad more clearly;
It is a limitation being _enforced_ by your kernel networking system.
But that is only enforcement so don't think you can just patch around
it. Patching around this one will just make you hit other errors
elsewhere with the networking systems.
The only way to send non-assigned IPs from a machine is with mechanisms
like TPROXY. Which places requirements on the *inbound* networking
operates. Those inbound requirements prohibit Squid from being
configured like you are wanting its inbound to operate.
Anyhow, I think we are getting well of track with this. My earlier
suggested config was correct and the only way to reliably do what you
said you wanted. Other problems can still occur, but are not related to
the problem you first posted nor to the config I suggested to make that
requested behaviour happen.
Amos
More information about the squid-users
mailing list