On 1/03/2014 10:33 p.m., Kevin Lesage wrote:
> Hello,
> i'm using pfsense 2.1 with squid 3.1.20.
>
> I have 2 Wan and 2 Lan interfaces :
> Wan1 : 10.0.0.100/24 => Gateway 10.0.0.138/24 (default)
> Wan2 : 192.168.1.100/24 => Gateway 192.168.1.100/24
> Lan1 : 192.168.50.0/24
> Lan2 : 172.16.0.0/16
>
> With firewall rules, i can get computers from Lan1 subnet access to
> internet only through WAN1, and computers from Lan2
>
> Subnet only through WAN2.
>
> But wen I ask Squid to bind interfaces LAN1 and LAN2, and add customs
> options :
>
> acl LAN1 src 192.168.50.0/24
> acl LAN2 src 172.16.0.0/16
> tcp_outgoing_address 10.0.0.100 LAN1
> tcp_outgoing_address 192.168.1.100 LAN2
>
> all http traffic passes through only one WAN gateway, which is
> 10.0.0.138 (default)!
>
> How can i do?
Squid does not "bind interfaces" and neither does it have anything
directly to do with routing decisions. All it does is set the source IP
address on outgoing packets and let the OS decide which interface is used.
Two things may be happening:
1) If neither of your ACLs are matching the default/master IP for the
machine will be used instead of the configured ones. Usually that is the
primary IP on eth0.
2) Routing rules are usually based on destination IP in my experience,
rather than source IPs. If your gateway descision is indeed based on
10.0.0.0/24 and 192.168.1.0/24 networks then all other packets includign
those destined to Internet ranges will be using the default gateway.
Amos
Received on Sat Mar 01 2014 - 10:54:26 MST
This archive was generated by hypermail 2.2.0 : Sun Mar 02 2014 - 12:00:03 MST