[squid-users] ACL with a non-contiguous mask - using multiple outgoing addresses
Scott
3m9n51s2ewut at thismonkey.com
Sun Jul 16 12:03:34 UTC 2023
Hi all,
I have four IPv4s that I use for outgoing source addresses to origin servers.
I currently have them used randomly, but this sometimes causes issues for
certain sites that get confused if your source changes for various resources.
For these sites I have an exception to the random IPs.
I decided to create the following acls which should match on the 2 low-order
bits in the client addresses:
acl tm_src_v4_00 src 10.0.0.0 255.0.0.3
acl tm_src_v4_01 src 10.0.0.1 255.0.0.3
acl tm_src_v4_10 src 10.0.0.2 255.0.0.3
acl tm_src_v4_11 src 10.0.0.3 255.0.0.3
tcp_outgoing_address 10.1.22.21 tm_src_v4_00
tcp_outgoing_address 10.1.22.22 tm_src_v4_01
tcp_outgoing_address 10.1.22.23 tm_src_v4_10
tcp_outgoing_address 10.1.22.24 tm_src_v4_11
However I did not get the behaviour I was after, rather all clients use the
same outgoing address.
Is there a way to share multiple outgoing IPs while maintaining consistency
per-source?
Follow-up: can I do the same for IPv6 clients?
Thanks,
Scott
PS: As an aside, the following ACL generated the following warning:
acl tm_src_11 src 0.0.0.3 0.0.0.3
Configuration for squid passes.
2023/07/15 23:38:40| WARNING: (B) '0.0.0.3' is a subnetwork of (A) '0.0.0.3'
2023/07/15 23:38:40| WARNING: because of this '0.0.0.3' is ignored to keep splay tree searching predictable
2023/07/15 23:38:40| WARNING: You should probably remove '0.0.0.3' from the ACL named 'tm_src_11'
Could someone please explain what the issue is with that ACL? Thanks.
More information about the squid-users
mailing list