john wrote:
> Hi,
> I seem to be running in to a problem with tcp_outgoing_address binding
> to the incorrect interface address when sending traffic.
>
> I have a private subnet which is not routable which I use squid to reach
> stuff on. This is on a seperate network interface on the server. Squid
> also sends other traffic out to the Internet (which seems to work fine).
>
> What I find is that when trying to connect to stuff on the non-routable
> subnet, it takes two requests from the browser to access it.
>
> I have squid configured with an acl:
>
> acl local_network dst 10.0.0.0/16
"dst" requires a DNS lookup. This is a "slow" category ACL as we call it
in Squid.
>
> and with the tcp_outgoing_address section as follows:
>
> tcp_outgoing_address 10.0.0.254 local_network
> tcp_outgoing_address <real ip> !local_network
tcp_outgoing_address is a "fast" category lookup. Which has no guarantee
of working when using "slow" category ACL types.
You need to get the "dst" lookup results cached in squid memory by an
earlier "slow" category lookup. http_access is good for this.
One http_access line which does the lookup (for example, the line which
permits that client access to the local_network area) will make the
address lookup work in most requests (emphasis on "most", no guarantees).
Amos
-- Please be using Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25 Current Beta Squid 3.1.0.18Received on Sat Mar 20 2010 - 00:42:53 MDT
This archive was generated by hypermail 2.2.0 : Sat Mar 20 2010 - 12:00:05 MDT