[sdnog] configure outgoing configuration based on incoming ports
Patrick Okui
pokui at psg.com
Wed Jun 29 14:49:13 SAST 2016
Hi Samir, all,
On 29 Jun 2016, at 10:59 EAT, Samir S. Omer wrote:
> Hi all
>
> I'm configuring a Linux CentOS machine with multiple virtual IPs to
> run a squid service listening on different ports.
> how can I bind requests coming for each port to go through specific IP
> ?
>
> for example requests coming to port 8081 to go out with the IP
> 192.168.1.1 and requests coming through port 8082 goes out with IP
> 192.168.1.2
>
> incoming -> Squid -> Outgoing
> *:8081 -> Squid -> 192.168.1.1:80
> *:8082 -> Squid -> 192.168.1.2:80
You want the configuration directive tcp_outgoing_address (it won’t
fix the port number but it’ll fix the outgoing ip address).
Documentation for this is at
<http://www.squid-cache.org/Doc/config/tcp_outgoing_address/>
In short you also need an ACL to match the incoming packets. So
something along the following lines
acl net1 localport 8081
acl net2 localport 8082
tcp_outgoing_address 192.168.1.1 net1
tcp_outgoing_address 192.168.1.2 net2
Please read the configuration for tcp_outgoing_address, it lists some
configuration options it is incompatible with e.g TPROXY.
The ACL documentation is at <http://www.squid-cache.org/Doc/config/acl/>
If you have ipv6 on your network you also need a tcp_outgoing_address
entry either for each entry based on your port numbers or a general one
that matches all ipv6 addresses.
I’m curious though why you need to do this.
--
patrick
More information about the sdnog
mailing list