Re: [squid-users] Even/Odd SRC ACL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 27 Jun 2014 19:04:41 +1200

On 27/06/2014 6:43 p.m., Nishant Sharma wrote:
> On Friday 27 June 2014 11:58 AM, Nishant Sharma wrote:
>>
>> On Friday 27 June 2014 10:05 AM, Amos Jeffries wrote:
>>>> acl even src 0.0.0.0/0.0.0.1
>>>> tcp_outgoing_address wan1 even
>>>> tcp_outgoing_address wan2 !even
>>>>
>> wan1 & wan2 in the config are the actual WAN IP Addresses (IPv4) and NAT
>> rules are properly set-up for both the WANs. If I divide the LAN into
>> two /25 subnets it works fine. But not with masked bits.
>>
>> Is there any debug option that I could enable to see how these ACLs are
>> being matched or by-passed? "debug_options ALL,9" can be an overkill for
>> this?
>
> Here are the debug logs. I see that it is trying to compare SRC-IP:Port
> pair against the ACL and result is always "0".
>
> Any pointers?

Ah, Squid-3 is using CIDR masking. Sorry should have remembered earlier
how strict this is.

The two /25 subnets (or groups of /26 etc) is the way to go.

Amos
Received on Fri Jun 27 2014 - 07:04:49 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 27 2014 - 12:00:05 MDT