I think this is the right place to ask:

I'm using
- kernel 2.4.9
- iptables as firewall
- iproute2 with rule-based routing
- squid

Two internet connections:
- 1 ADSL-based link with dynamic IP addresses
- 1 static ISDN line with fixed IP addresses

Everything is working but squid isn't. Any idea why? How is the loopback traffic handled with my two new tables?

Squid used to work as a transparent proxy with all the iptables stuff. When I'm working with the normal routing tables and one internet connection, everything is OK.

I use two rules (first for user browsing, second for mail traffic):

ip rule add from 192.168.1.128/25 table www.out
ip rule add from 192.168.1.6 table mail.out

# default route is reset to p-t-p address of ppp, when ppp comes down again, because of idle state
ip route delete default

# this part is done dynamically when ppp comes up
ip route add default via x.x.x.x table www.out
ip route add 192.168.1.0 via y.y.y.y table www.out

# this part is set up with the firewall start
ip route add default via z.z.z.z table mail.out
ip route add 192.168.1.0 via y.y.y.y table mail.out

Thanks in advance
Martin Kellner

On Sun, Sep 23, 2001 at 09:04:14PM +0200, Martin Kellner <mhkellner@gmx.de> wrote a message of 100 lines which said:

> Everything is working but squid isn't.

BTW, Squid allows you to set the source IP address, which is convenient in similar cases (we have a setup which is close to yours).

Otherwise, can you check Squid's cache.log to see if something is logged?

Stephane Bortzmeyer wrote:

> On Sun, Sep 23, 2001 at 09:04:14PM +0200,
> Martin Kellner <mhkellner@gmx.de> wrote
> a message of 100 lines which said:
>
> > Everything is working but squid isn't.
>
> BTW, Squid allows you to set the source IP address, which is
> convenient in similar cases (we have a setup which is close to
> yours).
>
> Otherwise, can you check Squid's cache.log to see if something is
> logged?

It's working now. My router is based on a suse 7.1 distribution. I removed all the network and routing initialisation scripts. It is now done with iproute2 commands. The problems came somehow from how the lo device was handled. There are still some messages in /var/log/messages coming from my iptables script, but it is OK.

Thank you
Martin Kellner
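Added example, not part of the thread: a Python model of how the rules and tables from the first message pick a route by source address, showing that connections opened from the router's own address match neither `from` rule, and what a rule for a fixed proxy source address changes. The router address 192.168.1.1, the proxy source address 198.51.100.7, the destination 203.0.113.10 and the contents of `main` (only the connected LAN route after `ip route delete default`) are assumptions constructed for illustration.

```python
import ipaddress

# Rules from the first message in priority order, followed by the kernel's
# built-in catch-all rule for the "main" table.
RULES = [
    ("192.168.1.128/25", "www.out"),
    ("192.168.1.6/32", "mail.out"),
    ("0.0.0.0/0", "main"),
]

# x/y/z are the elided gateways from the message. "192.168.1.0" was given
# without a prefix length, which iproute2 treats as a /32 host route.
# Assumption: "main" holds only the connected LAN route.
TABLES = {
    "www.out": [("0.0.0.0/0", "x.x.x.x"), ("192.168.1.0/32", "y.y.y.y")],
    "mail.out": [("0.0.0.0/0", "z.z.z.z"), ("192.168.1.0/32", "y.y.y.y")],
    "main": [("192.168.1.0/24", "direct")],
}

def route_in(table, dst):
    """Longest-prefix match for dst inside one table; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def lookup(src, dst, rules=RULES):
    """Walk the rules in order; a table with no matching route falls through."""
    src = ipaddress.ip_address(src)
    for selector, table in rules:
        if src in ipaddress.ip_network(selector):
            gw = route_in(table, dst)
            if gw is not None:
                return table, gw
    return None  # no table had a route: "network unreachable"

# Hypothetical extra rule for a fixed source address configured in the proxy.
PROXY_RULES = [("198.51.100.7/32", "www.out")] + RULES

if __name__ == "__main__":
    web = "203.0.113.10"  # constructed destination
    print("forwarded client :", lookup("192.168.1.130", web))
    print("mail host        :", lookup("192.168.1.6", web))
    print("router-originated:", lookup("192.168.1.1", web))
    print("proxy, fixed src :", lookup("198.51.100.7", web, PROXY_RULES))
```

The model leaves out the kernel's `local` table, so it covers forwarded and locally originated outbound traffic only, not delivery to the proxy itself.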