multiple squid proxies routing on different internet connections
hello guys,
I am working to install two squid proxies on the same machine (that would not be the difficult part, I think). I have two different internet connections, and I want that if I install two proxies (say squid1 and squid2), the requests to the internet from squid1 must be routed through interface1 and requests from squid2 routed through interface2. I have a slight idea of working with iptables and routing commands but am not able to implement the above scenario. Please send me your suggestions in this regard. Regards
Hi there;
To be honest, I really don't know whether it is possible to run two instances of squid on the same host, but if it is, I don't think you'll achieve any load balancing with that - I'm assuming you want load balancing here... I never tried it before, but if I had two connections to the Internet I'd use two different squid servers. They'd share a common DNS name and the name-to-IP conversion would return different IP addresses in a round-robin fashion, thus effectively routing network requests for proxy-able protocols to both servers... But, like I said, never did it... If you make it work don't forget to tell me about it... :) Cheers
bonowax thanks for your attention
I have got the idea of what you are saying about load balancing and using DNS with round-robin address resolution. Well, thanks for this. In fact I am trying to find a way in which we can tell an application (or force it using iptables) to use a specific interface as its gateway, as squid would send its requests to the default gateway of the machine but I want to change it. Anyway, thanks for your reply, but the game is still on.
Shahid,
You can certainly forward all the packets from interface 2 over to a different box & host another squid on it. And the existing squid will serve from this box & interface 1 in the normal fashion. Try implementing this & tell me what problems you are getting with it; someone, including myself, will definitely help you out. Though I assure you that this setup will definitely work.
Thanks amit,
Is it possible to tell squid to send its internet requests from a specific interface, or can we tell squid to run on specific ports and use iptables to SNAT on the basis of these ports, so it will be made to route on a specific interface? In short, can we have a source-port-based routing table?
Quote:
Source port based routing: In a normal scenario, we usually mark packets with iptables (on source port or any other field) & then with ip rule & ip route we can re-route them to go via another interface (other than the default one). P.S.: sorry for the delayed reply.
thanks for reply
dear ashmit thanks for your reply
In fact someone suggested that I use the tcp_outgoing_address option in squid, but that is also not working for me. Yes, you are right, how will we assign a source port for squid in this scenario... I am still looking into it, hope we find something. Again, thanks for being there. Regards, shahid bashir
Quote:
@ Your setup: So you must be having two ADSL/broadband connections & both of them are terminated at a single box, & instead of doing load balancing with them, you want both of them to serve two different client-sets separately. RIGHT???

@ two proxy setup: Yes, you can do that; until & unless they are maintaining two different hierarchies for their respective files, it shouldn't be any problem. Though with the tcp_outgoing_address option, you really do not need two different squid installations on a single box. A single squid with
Code:
tcp_outgoing_address interface1-ip CLIENT-SET1
tcp_outgoing_address interface2-ip CLIENT-SET2
However, the problem you'll face here is that you can't have two default gateways on your box, & hence the traffic to interface(without-gateway)*-ip would not go out because of the lack of a gateway-ip on it.

Hey... shahid.. with the help of MARKING packets on the basis of client-sets, & SNATing (iptables), we can achieve what you are looking for. (This doesn't require squid in between.) For one client-set we'll do SNATing (pass on to the default gateway). For the other client-set we'll set marks & then with ip rule & ip route we'll pass them on to the other gateway. That's it!!!
Shahid i have found one more solution for you;
With squid, set up two client-sets to leave your box via two different interfaces, e.g.
Code:
tcp_outgoing_address if1-add client-set1
Create an ip rule to do src-address based routing & forward this to table1. Again, the same way, do src-address based routing for if2-add & then forward this to table2. Finally, you have got to lay out the routes in both of those two tables.
Code:
ip route add default via if1-GW table table1
squid with two gateway
Hi amitsharma
I have configured squid 2.6 on CentOS 5.5. The squid box has 3 NICs:
eth0 = ISP1
eth1 = ISP2
eth2 = LAN
I followed the following scenario:

In the following scenario I will assume you have two links from two ISPs assigned to the same Linux box on eth0 & eth1:

WAN1 (eth0): IP 192.168.0.10, GW 192.168.0.1
WAN2 (eth1): IP 172.16.0.10, GW 172.16.0.1
LAN (eth2): IP 10.0.0.1
Clients: 10.0.0.2, 10.0.0.3, 10.0.0.4

In our scenario, we want client 10.0.0.2 to reach the internet through the 192.168.0.10 interface and 10.0.0.3 to go through 172.16.0.10.
_________________________________________________________________________________________
First let's take a look at our routing table:
Code:
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
172.16.0.0      0.0.0.0         255.255.255.0   U     1      0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
Note that we have only one default gateway, which is 192.168.0.1, through which all of our outgoing traffic goes. Now we need to add another gateway to the system, but without affecting the default one.

In the following steps we will create a new routing table for our second link on 172.16.0.10 and route traffic originating from this IP through 172.16.0.1:
Code:
echo "1 isp2" >> /etc/iproute2/rt_tables
ip route add 172.16.0.0/24 dev eth1 src 172.16.0.10 table isp2
ip route add default via 172.16.0.1 dev eth1 table isp2
ip rule add from 172.16.0.10/24 table isp2
ip rule add to 172.16.0.10/24 table isp2
Now we are done with the IP routing stuff. To test that your routing table is working properly, try doing a traceroute using each interface at a time:
Code:
# traceroute -i eth0 8.8.8.8
 1  192.168.0.1 (192.168.0.1)  0.356 ms  0.486 ms  0.513 ms
 2  xxx.xx.xxx.x (xxx.xx.xxx.x)  1.813 ms  2.365 ms  2.356 ms
 3  84-235-111-9.igw.com.sa (84.235.111.9)  26.949 ms  26.948 ms  27.184 ms
# traceroute -i eth1 8.8.8.8
 1  172.16.0.1 (172.16.0.1)  1.046 ms  1.207 ms  1.898 ms
 2  10.0.1.1 (10.0.1.1)  5.602 ms  5.605 ms  5.743 ms
 3  79.133.88.13 (79.133.88.13)  104.516 ms  104.555 ms  104.850 ms
Now we are done with routing, let's move to squid.conf.
_________________________________________________________________________________________
Squid part:
Now we have three clients using our squid server, and we want to map them to different outgoing IP addresses:
10.0.0.2 => 192.168.0.2
10.0.0.3 => 172.16.0.2
10.0.0.4 => 172.16.0.2
As you see, requests from 10.0.0.2 must go through 192.168.0.2 and the others go through 172.16.0.2. In squid.conf add:
Code:
acl wan1_clients src 10.0.0.2
acl wan2_clients src 10.0.0.3
acl wan2_clients src 10.0.0.4
tcp_outgoing_address 192.168.0.2 wan1_clients
tcp_outgoing_address 172.16.0.2 wan2_clients
-------------------------------------------------------
But traffic goes to the default gateway, kindly correct me.
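A consistency check for the kind of setup described in the post above, added here as an example and not code from any poster or from Squid: it parses the `tcp_outgoing_address` lines and reports, for each address, whether it is configured on the box and which routing table and default gateway a source-based `ip rule` selects. The sample inputs are constructed from the addresses quoted in the post, and the rule lookup is a simplified model (prefix match on the source address, main table as fallback).

```python
import ipaddress

# Constructed sample inputs, built from the addresses quoted in the post above.
SQUID_CONF = """\
acl wan1_clients src 10.0.0.2
acl wan2_clients src 10.0.0.3
acl wan2_clients src 10.0.0.4
tcp_outgoing_address 192.168.0.2 wan1_clients
tcp_outgoing_address 172.16.0.2 wan2_clients
"""
LOCAL_ADDRS = {"eth0": "192.168.0.10", "eth1": "172.16.0.10", "eth2": "10.0.0.1"}
RULES = [("172.16.0.10/24", "isp2")]  # from `ip rule add from <prefix> table <name>`
DEFAULTS = {"main": "192.168.0.1", "isp2": "172.16.0.1"}  # default gateway per table


def outgoing_addresses(conf):
    """Return [(address, [acl names])] for each tcp_outgoing_address line."""
    found = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 2 and parts[0] == "tcp_outgoing_address":
            found.append((parts[1], parts[2:]))
    return found


def table_for(src, rules):
    """Simplified `ip rule` lookup: first matching 'from' prefix, else main."""
    addr = ipaddress.ip_address(src)
    for prefix, table in rules:
        # Model assumption: 172.16.0.10/24 is treated as the 172.16.0.0/24 prefix.
        if addr in ipaddress.ip_network(prefix, strict=False):
            return table
    return "main"


def audit(conf, local_addrs, rules, defaults):
    """One finding per outgoing address: bindable locally, table, gateway."""
    report = []
    for addr, acls in outgoing_addresses(conf):
        table = table_for(addr, rules)
        report.append({
            "address": addr,
            "acls": acls,
            # Squid binds the outgoing socket to this address, so it must be local.
            "local": addr in local_addrs.values(),
            "table": table,
            "gateway": defaults.get(table),
        })
    return report


if __name__ == "__main__":
    for finding in audit(SQUID_CONF, LOCAL_ADDRS, RULES, DEFAULTS):
        print(finding)
```

An address reported with `local: False` is not configured on any interface of the box, and an address that resolves to the `main` table leaves through the default gateway whatever ACL selected it.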