RE: [squid-users] Squid / Pintables to forward out another interface

From: Ehsan Lesani <[email protected]>
Date: Thu, 18 Sep 2003 02:06:47 +0100

Dear friend.
I told you. You can use IP command or iptables command to do this one
too. In IP command you can do source route and in iptables command it is
too easy. But that tag in squid.conf file will do it for you, so it is
not a good idea to use something else when squid does it itself.
If you have a problem with its routing command then I think I can help
you.

Best Regards.
Ehsan Lesani.
ehsan@lesani.net
ehsan@safineh.net

-----Original Message-----
From: Antony Stone [mailto:Antony@Soft-Solutions.co.uk]
Sent: 17 September 2003 19:23
To: Ehsan Lesani
Subject: Re: [squid-users] Squid / IPTables to forward out another
interface

On Wednesday 17 September 2003 11:45 pm, Ehsan Lesani wrote:

> Dear friend if you just want to set the squid gateway an interface
which
> is not the default one I think the easiest way is to use
> "tcp_outgoing_address" tag and then set its IP to which is on your
> favourite interface.

I would be surprised if this works, because routing (the selection of
which
interface to send packets out of) works under Linux according to the
destination address, not the source address.

However, I may be wrong, and this may work, so it may be worth
suggesting to
the person who wanted to do this (Thomas Sweatt). I suggest you post
something to the list.

Regards,

Antony.

> -----Original Message-----
> From: Antony Stone [mailto:Antony@Soft-Solutions.co.uk]
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid / IPTables to forward out another
> interface
>
> On Wednesday 17 September 2003 5:52 pm, Thomas Sweatt wrote:
> > I've got Squid set up to function as a transparent proxy, and want
to
> > send the http requests that Squid is intercepting out of a different
> > interface than the default.
> >
> > Is this possible using Squid / IPTables? I've posted on the
>
> Shorewall
>
> > lists, as thats what I use on the firewall (Squid runs on the
>
> firewall,
>
> > btw). I'm not quite sure where I need to go next.
>
> You need iproute2 for this. Squid can't do what you want because
it's
> an
> application-layer proxy - it knows nothing about routing. Netfilter
> (iptables) can't do what you want because it just filters traffic
which
> would
> otherwise be routed (or it can alter sourc/destination addresses, but
> that's
> not what you want to do).
>
> Try http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO-3.html and
> http://www.lartc.org
>
> Antony.

-- 
All matter in the Universe can be placed into one of two categories:
1. things which need to be fixed
2. things which will need to be fixed once you've had a few minutes to
play 
with them
Received on Wed Sep 17 2003 - 15:37:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:56 MST