[squid-users] Redirect certain sites to different gateway

Donald Muller donmuller22 at outlook.com
Mon Oct 22 19:52:27 UTC 2018



> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf
> Of Amos Jeffries
> Sent: Monday, October 22, 2018 2:10 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Redirect certain sites to different gateway
> 
> On 22/10/18 12:54 PM, Donald Muller wrote:
> > I have had squid running well for a while now on my NAS. The browser on
> > my PC was set up to use squid. A few weeks ago I started running a VPN
> > client on the same NAS. Everything still ran well. The other day I
> > changed the VPN configuration so that all traffic on the NAS gets routed
> > through the VPN (VPN became the default gateway). Everything still ran
> > fine except for a few web sites. When I tried to reach my bank, let’s
> > say it is www.mybank.com,
> 
> You bank with "United Bank & Trust"?
> 
> When making up fake domain names please use the reserved names in the
> "example" namespace:  example.com, example.net, example.whatever
> 
> "mybank" is a registered domain name  - it may or may not be a real
> bank. Either way no need to connect it with your problems.
> 

Noted!

> 
> > from my PC I received a “This site can’t be
> > reached” error. I’m assuming that the bank site won’t allow connections
> > from a VPN server.
> >
> 
> Assuming leads to problems and "solutions" that don't work. Test your
> assumption:
>  - check your proxy cache.log for messages about traffic to that website
>  - check your access.log for response status on traffic to that website
>  - set up a test machine that makes requests via different gateways and
> see what happens differently at the TCP (and if relevant TLS) layers.
> 
> 

If I do not use the VPN as the default gateway I can reach the site with no issues. Once I enable the VPN to be the default gateway the site stops working.

> >
> > Not sure if it is doable but is it possible via squid to redirect a
> > request to a different gateway based on the URL (www.mybank.com
> > <http://www.mybank.com>)? If possible how to accomplish this?
> >
> 
> What you are calling "redirect" is not possible for Squid to do itself.
> The OS routing system is responsible for selecting which routing gateway
> traffic goes through.
> 

Setting up a static route is probably the preferred method, but I was hoping to be able to do it via a URL instead of figuring out all the IP addresses the site uses. I will attempt the static route method.

> What Squid can do is mark traffic selectively with a TOS
> (tcp_outgoing_tos) or netfilter/iptables MARK (tcp_outgoing_mark) that the
> OS uses to decide on a NIC gateway. The dstdomain ACL can be used to
> label traffic by domain.
> 
> 
> But until you actually confirm your assumption was true, it may not
> actually do anything useful.
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
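
The approach described in the quoted reply (a dstdomain ACL plus tcp_outgoing_mark, with the OS routing on the mark) sketched as an added example that is not part of the original thread. The ACL name, mark value, routing table number, interface and gateway address are all assumptions chosen for illustration.

```conf
# --- squid.conf ---
# Constructed example: .example.com stands in for the site that must bypass the VPN.
acl bypass_vpn dstdomain .example.com

# Set netfilter mark 0x1 on Squid's outgoing server connections for those
# domains. Needs a Squid build with Linux netfilter mark support; the mark
# value itself is an arbitrary choice.
tcp_outgoing_mark 0x1 bypass_vpn

# --- Linux policy routing (run as root on the Squid host) ---
# Assumed values: routing table 100, non-VPN gateway 192.0.2.1 on eth0.
#
#   ip route add default via 192.0.2.1 dev eth0 table 100
#   ip rule add fwmark 0x1 lookup 100
#
# Check what was installed and which path a marked packet would take
# (203.0.113.10 is a placeholder destination):
#
#   ip rule show
#   ip route show table 100
#   ip route get 203.0.113.10 mark 0x1
#
# With strict reverse-path filtering (net.ipv4.conf.*.rp_filter=1) replies
# arriving on eth0 can be dropped, because the unmarked reverse lookup
# points at the VPN interface.
```

Because the decision is made on the requested domain inside Squid, the site's IP addresses do not have to be enumerated in the routing table.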

