Re: [squid-users] satellite/using more that one outgoing IP

It is not yet part of Squid-2.5 but you are bringing it a lot closer by
testing the feature.

--
Henrik
Edward wrote:
> 
> Is tos part of squid 2.5 now?
> 
> Do we still have to patch it?
> 
> Thank you very much.
> 
> Best regards,
> 
> Edward Millington
> (Network Administrator & Senior Technical Support Technician)
> Cariaccess Communications Ltd.
> Wildey
> St. Michael
> Barbados
> 1-246-430-7435
> Fax : 1-246-431-0170
> www.cariaccess.com
> 
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@hem.passagen.se>
> To: "Edward" <edward@cariaccess.com>
> Sent: Monday, May 14, 2001 5:43 AM
> Subject: Re: [squid-users] satellite/using more that one outgoing IP
> 
> > Have added your message to the tosaddracl web site so it doesn't get
> > lost ;-)
> >
> > --
> > Henrik
> >
> > > Edward wrote:
> > > >
> > > > Hi there!
> > > >
> > > > Would you like to have more that one out going IP address for better
> > > > network management or for some other reason?
> > > >
> > > > Here is how you can do it.
> > > >
> > > > In this demonstration, I will be using a Cisco router w/ policy
> > > > routing enable.
> > > >
> > > > 1.  Suppose that you need to have different outgoing IP's for
> > > > different subnets or a group of IP's.
> > > >
> > > > 2. Suppose that you have a lan and Satelite connection.
> > > >
> > > >     Suppose that your satellite is only downstream. ie, you use your
> > > > lan connection for upstream and come back down satellite. You do not
> > > > route. All of the router across the world already know to route that
> > > > Class of Address to your satellite provide.
> > > >
> > > > 3. I was made arrear that Squid 2.5 w/
> > > > http://squid.sourceforge.net/tosaddracl/ will have this functionality.
> > > >
> > > > 4. Here is the info for using that parameter:
> > > >
> > > >
> > > > The tosaddracl branch on Sourceforge has now been cleaned up, and as a
> > > > result the configuration directives have changed sligthly.
> > > >
> > > > TAG: tcp_outgoing_address
> > > >
> > > > Allows you to map requests to different outgoing IP addresses based on
> > > > the username or sourceaddress of the user making the request.
> > > >
> > > >     tcp_outgoing_address ipaddr [[!]aclname] ...
> > > >
> > > > Example where requests from 10.0.0.0/24 will be forwareded with source
> > > > address 10.1.0.1, 10.0.2.0/24 forwarded with source address 10.1.0.2
> > > > and
> > > > the rest will be forwarded with source address 10.1.0.3.
> > > >
> > > >     acl normal_service_net src 10.0.0.0/255.255.255.0
> > > >     acl good_service_net src 10.0.1.0/255.255.255.0
> > > >     tcp_outgoing_address 10.0.0.1 normal_service_net
> > > >     tcp_outgoing_address 10.0.0.2 good_service_net
> > > >     tcp_outgoing_address 10.0.0.3
> > > >
> > > > Processing proceeds in the order specified, and stops at first fully
> > > > matching line.
> > > >
> > > > Here is a part of my squid.conf:
> > > > # Redirect for LAN & SAT
> > > >
> > > > acl sat1_service_net src 64.110.11.0/255.255.255.0
> > > >
> > > > acl sat2_service_net src 209.198.221.160/255.255.255.240
> > > >
> > > > tcp_outgoing_address 64.110.11.2 sat1_service_net
> > > >
> > > > tcp_outgoing_address 64.110.11.2 sat2_service_net
> > > >
> > > > tcp_outgoing_address 200.50.68.7
> > > >
> > > > # End
> > > >
> > > >
> > > > 5. Please remember that the IP addresses that you use must also be
> > > > config on the machine.
> > > >
> > > > 6. To have those outgoing IP's past through the router, here is a
> > > > sample config for the router:
> > > >
> > > > !
> > > > access-list 110 deny   tcp any any neq www
> > > > access-list 110 deny   tcp host 200.50.68.7 any
> > > > access-list 110 deny   tcp host 64.110.11.2 any
> > > > access-list 110 permit tcp any any
> > > > access-list 120 deny   tcp any any neq ftp
> > > > access-list 120 deny   tcp host 200.50.68.7 any
> > > > access-list 120 deny   tcp host 64.110.11.2 any
> > > > access-list 120 deny   tcp host 200.50.68.10 any
> > > > access-list 120 permit tcp any any
> > > > route-map squidcaching permit 10
> > > >  match ip address 110
> > > >  set ip next-hop 200.50.68.7
> > > > !
> > > > route-map squidcaching permit 120
> > > >  match ip address 120
> > > >  set ip next-hop 200.50.68.7
> > > > Now if you do not allow those ip address in your access-list, you will
> 
> > > > not be able to browse since it would be loop back to the cache machine
> > > >
> > > > Thank you very much.
> > > >
> > > > Best regards,
> > > >
> > > > Edward Millington
> > > > (Network Administrator & Senior Technical Support Technician)
> > > > Cariaccess Communications Ltd.
> > > > Wildey
> > > > St. Michael
> > > > Barbados
> > > > 1-246-430-7435
> > > > Fax : 1-246-431-0170
> > > > www.cariaccess.com
> >