Just to make sure things are understood. There is one big difference between windows and Linux handling connections and traffic.
Linux can accept traffic on a specific interface but route the outgoing packet via another interface. It’s a feature of the Linux Routing and Networking Kernel stack. Sometimes it can bite the admin/user and while on windows the connection(TCP) will always be routed or put into the right cable in Linux you need a little be connection marking, mangling and routing marking to make sure that the traffic will be passed to the right gateway. It’s a bit hard to understand what happens currently on your system. All The Bests, Eliezer ---- <http://ngtech.co.il/lmgtfy/> Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of davidjesse...@aol.com Sent: Saturday, June 16, 2018 7:16 AM To: rouss...@measurement-factory.com; squid-users@lists.squid-cache.org Subject: Re: [squid-users] iptables setup for tcp_outgoing_address I tried curl --interface 172.16.11.107 <http://www.example.com/> http://www.example.com yesterday and it worked fine, but now it looks like it does not work. Just hangs forever. So there is an issue there for sure. I will try to find out why it's not working. -----Original Message----- From: Alex Rousskov <rouss...@measurement-factory.com <mailto:rouss...@measurement-factory.com> > To: davidjesse091 <davidjesse...@aol.com <mailto:davidjesse...@aol.com> >; squid-users <squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> > Sent: Fri, Jun 15, 2018 11:43 pm Subject: Re: [squid-users] iptables setup for tcp_outgoing_address On 06/15/2018 05:12 PM, davidjesse...@aol.com <mailto:davidjesse...@aol.com> wrote: > if I use another interface's IP address > for tcp_outgoing_address on my Linux machine then web pages don't load. Does using "another interface" IP address work with curl or wget executed on the Squid Linux box? curl --interface 172.16.11.107 http://www.example.com wget --bind-address=172.16.11.107 http://www.example.com Alex. > -----Original Message----- > From: Alex Rousskov <rouss...@measurement-factory.com > <mailto:rouss...@measurement-factory.com> > > To: davidjesse091 <davidjesse...@aol.com <mailto:davidjesse...@aol.com> >; > squid-users > <squid-users@lists.squid <mailto:users@lists.squid> -cache.org> > Sent: Fri, Jun 15, 2018 7:01 pm > Subject: Re: [squid-users] iptables setup for tcp_outgoing_address > > On 06/15/2018 04:42 PM, davidjesse...@aol.com <mailto:davidjesse...@aol.com> > <mailto:davidjesse...@aol.com <mailto:davidjesse...@aol.com?> > wrote: > >> I want to connect to Squid proxy using 192.168.1.212 and if I am >> connecting using port 11000, > > I assume you meant "connecting to port 11000" (there is also the client > source port, but it should not matter here). > > >> I want squid to have the traffic go out of the 172.16.11.107 IP > > >> http_port 11000 name=port_11000 >> acl port_11000_acl myportname port_11000 >> tcp_outgoing_address 172.16.11.107 port_11000_acl > > Looks good to me, provided all your outgoing traffic goes to IPv4 > addresses (no IPv6). > > >> What would I need to do with iptables to make this work? > > Why do you think you need iptables? What does not work if you do not use > IP tables? > > > Alex.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
