What you have done looks about right, however, dst acls applies to the
destination of the URL, not where the request is beeing forwarded.
I do not think there is a acl type for matching the address of the peer
the request is beeing forwarded to, however, in your described scenario
there usually is no need at all in having Squid specify the source IP
address as your routing table can do the job just fine in a more
intuitive manner..
All you need is a route for your sibling via the ispB network with a
correct source address. Source addresses are usually assigned correctly
automatically provided the router addresses resides in different
networks, but if the different paths share the same IP network in the
first hop from your server then you can select source address by route.
See the description of "ip route".
Regards
Henrik
Arindam Haldar wrote:
>
> hi all,
>
> We are using squid 25s1 with kernel 2.4.19 and iproute2(+julian's
> Pathes) with the following acl..
>
> acl short_path dst 128.0.0.0/8
> tcp_outgoing_address myIp2nd short_path
>
> we are linked to 2 isp--one having satelite & the other OFC. We want the
> above mentioned network to go thru OFC(ispB) as the sibling resides
> there. But when i use squidclient mgr:server_list command i see that rtt
> is still 650ms which is the time taken by satelite provider(ispA). The
> OFC takes 230ms.
>
> On this linux box we have 2 interface linked to different isp & the 3rd
> serves our local network.. The rules defined are...
>
> 50: from NETB lookup ispB
> 50: from ofiNetA lookup ispB
> 50: from ofiNetB lookup ispB
> 75: from NETA lookup ispA
> 125: from ofiNetC lookup BALANCE
> 125: from ofiNetD lookup BALANCE
> 125: from ofiNetE lookup BALANCE
> 32766: from all lookup main
> 32767: from all lookup default
>
> the default is defined in default table & is towards ispA & the other
> routes are, ascan be guessed, according to the providers.
>
> My Question is--
> what can be done so that squid uses path according to the interface
> defined ?
> how can local generated packets(on the linux box) uses a path as wanted
> by us(in the rules) ?
>
> Awaiting a reply/suggestion/experience from you very anxiously..
>
> A.H
Received on Mon Nov 25 2002 - 01:03:32 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:33 MST