On Tue, Jun 30, 2015 at 11:54 AM, Dimitry Andric <[email protected]> wrote:
> On 30 Jun 2015, at 18:48, Nick Rogers <[email protected]> wrote:
> ...
> > I am experiencing an issue with squid 3.5.5 and FreeBSD 10.1 where
> > tcp_outgoing_address correctly rewrites the source address of outgoing
> > packets, but fails to bind the socket to the correct interface.
>
> How do you arrive at this conclusion? In the rest of your mail I see no
> squid configuration for this, e.g. you would have to use:
>
> http_port 10.8.8.10:3129
>
> to explicitly bind to the first address on em1. You can add multiple
> http_port settings to bind to multiple addresses.
>

The http_port directive is for the address/port squid listens on for
incoming client connections to the proxy, not what it uses to initiate
outbound HTTP connections. The tcp_outgoing_address directive is what
controls the source IP of outbound requests to web servers.

>
> > I've been
> > using this kind of setup/configuration for quite some time (since the squid
> > 2.7 days), so I believe something between FreeBSD 9.x and 10.1 has broken
> > this behavior. FWIW squid 3.3.3 on FreeBSD 9.x behaves correctly with the
> > same config. My understanding is that squid merely changes the source
> > address as a hint to the kernel routing stack, which makes me believe the
> > problem lies outside of squid. I've already sought out help from the
> > squid-users mailing list and been told the same thing.
> ...
> > root# netstat -rn | grep default
> >
> > default 192.168.92.2 UGS em0
>
> Do you have a route for 10.8.8.10 and similar? Those should point to
> em1, obviously. If there is no specific route, those packets will
> simply go to the default gateway.
>

10.8.8.10 is an alias configured on em1.

root# ifconfig em1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:a3:33:7f
        inet 10.8.8.10 netmask 0xffffff00 broadcast 10.8.8.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

root# netstat -rn | grep em1
10.8.8.0/24 link#1 U em1

Is that not sufficient for the kernel to know that packets with a source IP
of 10.8.8.10 should egress em1, which has 10.8.8.10 configured via ifconfig?
If I use ping -S the packets go out the correct interface (e.g., ping -S
10.8.8.10 10.8.8.250).

>
> -Dimitry
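
Added example, not part of the original message: the destination-based lookup Dimitry describes, modelled in Python over the two routes and the em1 address shown above. The web-server address 203.0.113.10 and the function names are constructed for illustration, and the model assumes no policy routing (pf, ipfw or multiple FIBs) is in play.

```python
import ipaddress

# Routes copied from the `netstat -rn` output quoted in the message.
ROUTES = [
    ("0.0.0.0/0", "192.168.92.2", "em0"),  # default
    ("10.8.8.0/24", "link#1", "em1"),
]
# Local address taken from the `ifconfig em1` output in the message.
LOCAL_ADDRS = {"10.8.8.10": "em1"}


def egress(dst, routes=ROUTES):
    """Pick (interface, gateway) by longest-prefix match on dst only."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[1]


def check_flow(src, dst):
    """Report whether a flow leaves on the interface that owns its source."""
    ifname, gateway = egress(dst)
    owner = LOCAL_ADDRS.get(src)
    return {
        "src": src,
        "dst": dst,
        "egress": ifname,
        "gateway": gateway,
        "src_owner": owner,
        # True when the source address lives on a different interface
        # than the one the route lookup selected.
        "mismatch": owner is not None and owner != ifname,
    }


if __name__ == "__main__":
    flows = [
        ("10.8.8.10", "10.8.8.250"),    # the ping -S test from the message
        ("10.8.8.10", "203.0.113.10"),  # constructed web-server address
    ]
    for src, dst in flows:
        print(check_flow(src, dst))
```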
