Squid + 2 bridges
Hello everyone, I am trying to run the following configuration (I am using Google Translate)
Debian Etch 4.0 r8, kernel 2.6.18-6, bridge utils, squid 2.6, tproxy 2
IMAGE http://img524.imageshack.us/img524/2645/twobridge.jpg
router1 - router2 = MikroTik load balancing, 6 WAN each
/etc/network/interfaces
#-------------------
# Bridge router1
#-------------------
auto br1
iface br1 inet static
bridge_ports eth0 eth1
address 10.1.1.2
netmask 255.255.255.0
gateway 10.1.1.1
#-------------------
# Bridge router2
#-------------------
auto br2
iface br2 inet static
bridge_ports eth2 eth3
address 20.1.1.2
netmask 255.255.255.0
gateway 20.1.1.1
/etc/squid/squid.conf
http_port 5128 tproxy transparent
visible_hostname squid
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1024-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl redlocal src 0.0.0.0/0
http_access allow localhost
http_access allow redlocal
http_access deny all
cache_mem 850 MB
maximum_object_size_in_memory 150 KB
maximum_object_size 20 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 50000 16 256
access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 4560
refresh_pattern ^gopher: 15 0% 4560
refresh_pattern . 15 20% 4560
/etc/sysctl.conf
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1
This works well. Each bridge uses its own gateway.
When I add the following lines to start the Squid cache, the problem is that the traffic uses only one bridge.
iptables -t tproxy -A PREROUTING -i br1 -p tcp --dport 80 -j TPROXY --on-port 5128
iptables -t tproxy -A PREROUTING -i br2 -p tcp --dport 80 -j TPROXY --on-port 5128
How do I make each bridge use its own gateway?