1

I have a Debian server with one incoming interface (eth1) and three modems (modem1, modem2, modem3). There's an instance of squid on this server, listening on three consecutive ports (3128, 3129, 3130 to be specific).

I was able to set things up to route all packets coming from eth1 to one of the modems, but I need to route packets based on which port the client is connected to. E.g., if a client uses 192.168.138.2:3128 as a proxy, then route his packets through 192.168.6.1, which is modem1's IP address. Is it possible?

I do not require a step-by-step solution; I'll be happy with just a term to google or something like that, because currently I'm just stuck.

Tim
  • If clients were routed through the server it would be reasonably straightforward, but because the connection terminates at Squid, and then Squid is making a new connection out over a modem, you've lost the destination port that the client is connected to. – bodgit Sep 12 '19 at 16:16

2 Answers

1

What you need is policy-based routing. See man ip-rule.

ip rule add dport 3128 table 100
ip rule add dport 3129 table 101
ip rule add dport 3130 table 102

Now you can create different routing tables:

ip route add default via 192.168.6.1 table 100
ip route add default via 192.168.6.2 table 101
ip route add default via 192.168.6.3 table 102

The table numbers are more or less arbitrary, as long as you don't use predefined numbers.

RalfFriedl
  • how would this apply to the traffic generated by the squid process, which will be arbitrary destination ports? – Mark Wagner Sep 12 '19 at 17:34
  • It seems I misunderstood your question. If you run **one** instance of Squid, there is no connection between the accepting port and the outgoing connections. You could use three instances running as different users with different rules. – RalfFriedl Sep 12 '19 at 17:38
0

Managed to do everything. An example for just 2 interfaces:

  1. Create an ACL for every port in squid.conf
    acl ip1 myport 3128
    acl ip2 myport 3129
  2. Set up tcp_outgoing_address for both ACLs
    # 192.168.6.2 - address that first modem gave us
    tcp_outgoing_address 192.168.6.2 ip1
    tcp_outgoing_address 192.168.7.2 ip2
  3. Create routing tables for both interfaces
    echo "201 out1" >> /etc/iproute2/rt_tables
    echo "202 out2" >> /etc/iproute2/rt_tables
  4. And set them up
    ip route add 192.168.6.0/24 dev enp2s0u1u3 src 192.168.6.2 table out1
    ip route add default via 192.168.6.1 table out1

and the same for another interface

  5. Add the now-making-sense rule, which wasn't here before
    sudo ip rule add from 192.168.6.2 table out1
    sudo ip rule add from 192.168.7.2 table out2

Now everything works as expected.

Tim
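
The steps in the answer above, written out for both modems as an added example (not part of the original post): a script that checks a port-to-uplink map for collisions and prints the squid.conf lines and ip commands without applying them. The second row's gateway 192.168.7.1 and device name enp2s0u1u4, and the /24 prefix, are assumptions.

```shell
#!/bin/sh
# Added example: print the squid.conf lines and ip commands from the answer
# for every uplink. Nothing is applied; review the output, then run it as root.

# Constructed sample map: port source_ip gateway device table_id.
# Row 1 uses the answer's values; row 2's gateway and device are assumptions.
UPLINKS='3128 192.168.6.2 192.168.6.1 enp2s0u1u3 201
3129 192.168.7.2 192.168.7.1 enp2s0u1u4 202'

# Fail if two rows share a port, source address or table id; a duplicate
# would silently send one port's traffic out the wrong modem.
check_map() {
    for col in 1 2 5; do
        dup=$(echo "$UPLINKS" | awk -v c="$col" '{print $c}' | sort | uniq -d)
        [ -z "$dup" ] || { echo "duplicate value: $dup" >&2; return 1; }
    done
}

# squid.conf fragment: one myport ACL and one outgoing address per row.
gen_squid() {
    n=0
    echo "$UPLINKS" | while read -r port src gw dev tbl; do
        n=$((n + 1))
        echo "acl ip$n myport $port"
        echo "tcp_outgoing_address $src ip$n"
    done
}

# Routing commands: table name, connected route, default route, source rule.
gen_routes() {
    n=0
    echo "$UPLINKS" | while read -r port src gw dev tbl; do
        n=$((n + 1))
        net="${src%.*}.0/24"   # assumes each modem hands out a /24
        # Guarded append so a rerun does not duplicate the rt_tables entry.
        echo "grep -q '^$tbl out$n\$' /etc/iproute2/rt_tables || echo '$tbl out$n' >> /etc/iproute2/rt_tables"
        echo "ip route add $net dev $dev src $src table out$n"
        echo "ip route add default via $gw table out$n"
        echo "ip rule add from $src table out$n"
    done
}

check_map && { gen_squid; gen_routes; }
```

After applying the output, `ip rule show` and `ip route show table out1` list what was installed.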