I've finally been able to set up my Ubuntu 10.04 server as a transparent proxy using Squid. It works exactly like I wanted, but I have a serious problem...

On both Ethernet cards I have the chance to get on the internet (two different ISPs), but I'd like this server to use only eth1 to serve all internet requests.

So the final scheme would be using eth0 to collect all incoming proxy requests and letting Squid gather information from the internet using the ultra speedy connection on eth1.

The problem is that I have a firewall connected to eth0: this firewall allows a branch office to get to the proxy using a wifi bridge.

To ensure communication between the branch office and the proxy I'm forced to set my firewall as the default gateway on eth0, and it - sadly - also offers an internet connection (but a slow one). Squid uses eth0 entirely to collect requests and get data from the internet.

I can't set a unique correct default gateway because in that case I'd not send packets back to our branch office using the wifi bridge.

I hope I've been a little clearer. I'm sorry for my poor exposition.

My actual route shows:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.206.x.x     *               255.255.255.0   U     0      0        0 eth1
128.0.x.x       *               255.255.0.0     U     0      0        0 eth0
default         128.0.x.x       0.0.0.0         UG    100    0        0 eth0
default         193.206.x.x     0.0.0.0         UG    100    0        0 eth1

Any hints?

If you need any kind of details I'll post them.

Zoredache
Pitto
  • Hi! Can you share your network design, please? I.e., where the proxy server must be in the network. – rendon Nov 09 '12 at 20:07

2 Answers

Original

From a command prompt:

sudo route add default gw i.p.add.ress eth1

Then, in /etc/network/interfaces, add this line:

up route add default gw i.p.add.ress eth1

Of course, replacing i.p.add.ress with the gateway's IP in both lines.

Edit for new question

If you need to delete a route, just change "add" to "del". Example:

(command) sudo route del default gw 128.0.x.x eth0
(/etc/network/interfaces) up route del default gw 128.0.x.x eth0

You can set a static route for the branch office through the route command as well.

route add -net (network_id/prefix) gw (gateway) (interface)
Hyppy
You have two problems: First, you need to make squid use the correct source IP address. Second, you need to make sure packets with that source IP address are steered to the correct gateway (source routing).

The first issue is a Squid issue. You can use Squid's tcp_outgoing_address to set the source IP address to the correct one.

tcp_outgoing_address 128.0.x.x

The second issue is a system configuration issue. You don't want to send packets with your 128.0.x.x source address out to the 193.206.x.x gateway, and vice versa. This is called source routing and is done with iptables.

The more sophisticated way to do it is to have two routing tables. One would be used for packets with 128.0.x.x source addresses and would have a default route to the 128.0.x.x gateway. Vice versa for the other. http://wlug.org.nz/SourceBasedRouting

David Schwartz
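The two-routing-table setup described in the answer above, sketched with iproute2 as an added example (not code from either answer). The interface addresses, subnets, gateways and table numbers are constructed placeholders from the RFC 5737 documentation ranges; with these rules in place, the address Squid binds to via tcp_outgoing_address decides which uplink its traffic leaves by.

```shell
#!/bin/sh
# Source-based (policy) routing: one routing table per uplink, selected by
# the packet's source address. All addresses below are constructed
# placeholders, not the poster's real networks.

# Print the iproute2 commands for one uplink.
#   $1 table id  $2 interface  $3 local address  $4 subnet (CIDR)  $5 gateway
uplink_cmds() {
    table=$1 dev=$2 src=$3 net=$4 gw=$5
    # The on-link subnet must be in the table, or the gateway is unreachable there.
    echo "ip route replace $net dev $dev src $src table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    # Drop a stale rule first so re-running does not stack duplicates.
    echo "ip rule del from $src/32 table $table 2>/dev/null || true"
    echo "ip rule add from $src/32 table $table priority $table"
}

# Replies and proxy traffic sourced from eth0's address use table 100,
# traffic sourced from eth1's address uses table 200.
policy_routing_cmds() {
    uplink_cmds 100 eth0 192.0.2.10 192.0.2.0/24 192.0.2.1
    uplink_cmds 200 eth1 198.51.100.10 198.51.100.0/24 198.51.100.1
    echo "ip route flush cache"
}

# Dry run by default (prints the commands); APPLY=1 as root executes them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        policy_routing_cmds | sh -e
    else
        policy_routing_cmds
    fi
}

run
```

After applying, `ip rule show` and `ip route show table 200` should list the new rule and default route; the main table can keep whatever routes the branch office needs.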