From: Dimitry Andric
To: Nick Rogers
Cc: "freebsd-ports@freebsd.org"
Subject: Re: www/squid: tcp_outgoing_address binds to wrong interface
Date: Tue, 30 Jun 2015 20:54:41 +0200

On 30 Jun 2015, at 18:48, Nick Rogers wrote:
...
> I am experiencing an issue with squid 3.5.5 and FreeBSD 10.1 where
> tcp_outgoing_address correctly rewrites the source address of outgoing
> packets, but fails to bind the socket to the correct interface.

How do you arrive at this conclusion? In the rest of your mail I see no
squid configuration for this, e.g. you would have to use:

  http_port 10.8.8.10:3129

to explicitly bind to the first address on em1. You can add multiple
http_port settings to bind to multiple addresses.

> I've been
> using this kind of setup/configuration for quite some time (since the squid
> 2.7 days), so I believe something between FreeBSD 9.x and 10.1 has broken
> this behavior. FWIW squid 3.3.3 on FreeBSD 9.x behaves correctly with the
> same config. My understanding is that squid merely changes the source
> address as a hint to the kernel routing stack, which makes me believe the
> problem lies outside of squid. I've already sought out help from the
> squid-users mailing list and been told the same thing.
...
> root# netstat -rn | grep default
>
> default 192.168.92.2 UGS em0

Do you have a route for 10.8.8.10 and similar? Those should point to
em1, obviously. If there is no specific route, those packets will
simply go to the default gateway.

-Dimitry