Hi to all For is just az concept question : There are a need to change something in Squid3 config when it are running in the same box as shorewall with 2 ISP ? I''ve been thinking in do this at home, as a proof of concept for future implememtations ... I allways use Roberto''s Debian package to implement Shorewall . Fábio Rabelo ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
On 8/19/2013 12:52 PM, Fábio Rabelo wrote:> For is just az concept question : > > There are a need to change something in Squid3 config when it are > running in the same box as shorewall with 2 ISP ? > > I''ve been thinking in do this at home, as a proof of concept for future > implememtations ... > > I allways use Roberto''s Debian package to implement Shorewall .Fábio, I use Squid3 on my 2-ISP gateway. I have added the following to squid.conf to be able to control which ISP is used by one of the clients: acl mac src 172.20.1.145/32 172.20.1.146/32 tcp_outgoing_address 67.170.121.6 mac acl rest src 172.20.0.0/22 tcp_outgoing_address 70.90.191.121 So the mac (172.20.1.145 and .146) use the ISP interface with address 67.170.121.6 and my other clients use the other interface. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
Tom Eastep skrev den 2013-08-19 23:59:> I use Squid3 on my 2-ISP gateway. I have added the following to > squid.conf to be able to control which ISP is used by one of the > clients: > > acl mac src 172.20.1.145/32 172.20.1.146/32 > tcp_outgoing_address 67.170.121.6 mac > > acl rest src 172.20.0.0/22 > tcp_outgoing_address 70.90.191.121replace with tcp_outgoing_address 67.170.121.6 !mac no ? it then saves one acl, and its more correct ip vise, but its screwed if there is more then 2 isps ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
El 19/08/13 18:59, Tom Eastep escribió:> Fábio, > > I use Squid3 on my 2-ISP gateway. I have added the following to > squid.conf to be able to control which ISP is used by one of the clients: > > acl mac src 172.20.1.145/32 172.20.1.146/32 > tcp_outgoing_address 67.170.121.6 mac > > acl rest src 172.20.0.0/22 > tcp_outgoing_address 70.90.191.121 > > So the mac (172.20.1.145 and .146) use the ISP interface with address > 67.170.121.6 and my other clients use the other interface.this is a great squid solution i have it working a lot of time and it''s great! you can decide your route based on extension too ex. make all ISO/EXE/RAR/ETC files go through ISP2 and the rest over ISP1 or based on domain ex Youtube over ISP1 and shorewall.net on ISP2. If you don''t make any adjustement on your squid.conf you will go through both ISP. this don''t balance your connections. Best regards. Emiliano. -- Emiliano Vazquez | PcCentro Informatica & CCTV Office: +54 (11) 4635-3218 y Rotativas Movil: 011-15-6253-7165 Mail: emilianovazquez@gmail.com Web: http://www.pccentro.com.ar ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> > If you don't make any adjustement on your squid.conf you will go through > both ISP. this don't balance your connections.OK, it is working now . Is is possible to do load balance like Shorewall does ? fuction "delay_pool" in squid ? Pointing to a how-to would be more then enough ... thanks in advance ... Fábio Rabelo ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users