I've done some additional tests on squid:
I have:
eth0: ip-public-isp1
eth1: ip-public-isp2
eth0:0 internal-private-ip
default route through isp1. (this is the one always used)
another default route through isp2.
resolv.conf:
ns1.isp1.ro
ns2.isp1.ro
ns.isp2.ro
ns-private.internal.ro (firewall with caching DNS, private ip)
-------------------------------------
Using ipchains logging:
any program that needs to perform dns lookups:
source ip: ip-public-isp1
dest ip: ns1.isp1.ro 53
-- lookup successful.
squid when performing a lookup:
source ip: internal-private-ip !!! (why ???)
dest ip: ns1.isp1.ro 53
-- lookup fails, of course, packet cannot be routed back
then it tries all entries in resolv.conf, and finally,
ns-private.internal.ro responds, because it has a similar private ip.
This behaviour occurs regardless of the tcp_outgoing_address line.
Also, internal-private-ip is the address where squid listens for
clients.
=====
ing. Andrei Boros
Centrul pt. Tehnologia Informatiei
Societatea Romana de Radiodifuziune
Received on Thu May 03 2001 - 07:16:17 MDT
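
The check described in the message above (spotting DNS queries that leave with a private source address toward a public resolver, so the reply cannot be routed back), as an added example that is not part of the original post. It assumes the ipchains `-l` kernel log layout from the IPCHAINS-HOWTO; the log lines, addresses and the function name `unroutable_dns_queries` are constructed for illustration.

```python
import ipaddress
import re

# ipchains "-l" log layout (assumed, per IPCHAINS-HOWTO):
# Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=... (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation ranges, which the constructed sample uses as "public" IPs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (not taken from the post).
SAMPLE_LOG = """\
May  3 07:10:01 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 192.0.2.10:1031 198.51.100.53:53 L=59 S=0x00 I=4121 F=0x0000 T=64 (#3)
May  3 07:10:02 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.1:1042 198.51.100.53:53 L=61 S=0x00 I=4122 F=0x0000 T=64 (#3)
May  3 07:10:07 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.1:1042 10.0.0.254:53 L=61 S=0x00 I=4127 F=0x0000 T=64 (#3)
May  3 07:10:09 gw kernel: Packet log: output ACCEPT eth0 PROTO=6 10.0.0.1:3128 10.0.0.77:2044 L=40 S=0x00 I=4130 F=0x0000 T=64 (#3)
"""


def is_rfc1918(addr):
    """True when addr falls inside one of the RFC 1918 private ranges."""
    return any(addr in net for net in RFC1918)


def unroutable_dns_queries(log_text):
    """Return (src, dst, iface) for DNS queries sent from a private source
    address to a non-private resolver; replies to these cannot come back."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        # Only UDP (17) or TCP (6) packets to port 53 are DNS queries.
        if not m or m["dport"] != "53" or m["proto"] not in ("6", "17"):
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if is_rfc1918(src) and not is_rfc1918(dst):
            hits.append((str(src), str(dst), m["iface"]))
    return hits


if __name__ == "__main__":
    for src, dst, iface in unroutable_dns_queries(SAMPLE_LOG):
        print(f"private source {src} -> public resolver {dst} on {iface}")
```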