On Sunday 21 September 2003 10:42 pm, Robert Collins wrote:
> On Mon, 2003-09-22 at 07:22, boka wrote:
> > Hi !
> >
> > - required options to iptables:
> > PREROUTING -s 10.10.32.61 -i eth0 -p tcp -m tcp --dport 80 -j MARK
> > --set-mark 0x2
> > - table to rt_tables:
> > echo 202 www.out >> /etc/iproute2/rt_tables
> > - ip rule command:
> > ip rule add fwmark 2 table www.out
> > - ip route command (squid machine is in a different network than router)
> > ip route add default via 10.10.21.2 via 10.10.20.1 dev eth0 table www.out
>
> This looks suspect - two via' statements?
Indeed. I'm no iproute2 expert, but if 2 via statements is correct, then I
can only assume it's trying to do some sort of source routing - and you won't
find many routers (or even hosts) which will accept that sort of thing these
days...
> Secondly, if squid is not on the LAN attached to this router, you will
> need to perform similar ip route commands on the next router, otherwise
> it will route the traffic out via it's default route, (remember the
> destiation address is still for the internet, not for the squid
> address).
Good point, easily overlooked, I'm sure :)
Antony.
-- In Heaven, the police are British, the chefs are Italian, the beer is Belgian, the mechanics are German, the lovers are French, the entertainment is American, and everything is organised by the Swiss. In Hell, the police are German, the chefs are British, the beer is American, the mechanics are French, the lovers are Swiss, the entertainment is Belgian, and everything is organised by the Italians.Received on Sun Sep 21 2003 - 16:39:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:59 MST