Date: Tue, 30 Jun 2015 14:36:07 -0700
From: Nick Rogers <ncrogers@gmail.com>
To: Dimitry Andric <dim@freebsd.org>
Cc: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Subject: Re: www/squid: tcp_outgoing_address binds to wrong interface
Message-ID: <CAKOb=Ya8prkcy-kqCqDYkiMi=2f95Z2bojc14nGg_o%2BXcwnQZQ@mail.gmail.com>
In-Reply-To: <10633AE6-097E-4F08-AEA0-8E78632F2BCD@FreeBSD.org>
References: <CAKOb=YbDvJXETVdZFxVnZ=x%2BDqCCtRer91WHBKDBP_Qh=1JX%2Bg@mail.gmail.com> <10633AE6-097E-4F08-AEA0-8E78632F2BCD@FreeBSD.org>

On Tue, Jun 30, 2015 at 11:54 AM, Dimitry Andric <dim@freebsd.org> wrote:

> On 30 Jun 2015, at 18:48, Nick Rogers <ncrogers@gmail.com> wrote:
> ...
> > I am experiencing an issue with squid 3.5.5 and FreeBSD 10.1 where
> > tcp_outgoing_address correctly rewrites the source address of outgoing
> > packets, but fails to bind the socket to the correct interface.
>
> How do you arrive at this conclusion? In the rest of your mail I see no
> squid configuration for this, e.g. you would have to use:
>
> http_port 10.8.8.10:3129
>
> to explicitly bind to the first address on em1. You can add multiple
> http_port settings to bind to multiple addresses.
>

The http_port directive is for the address/port squid listens on for
incoming client connections to the proxy, not what it uses to initiate
outbound HTTP connections. The tcp_outgoing_address directive is what
controls the source IP of outbound requests to web servers.

> > I've been using this kind of setup/configuration for quite some time
> > (since the squid 2.7 days), so I believe something between FreeBSD 9.x
> > and 10.1 has broken this behavior. FWIW squid 3.3.3 on FreeBSD 9.x
> > behaves correctly with the same config. My understanding is that squid
> > merely changes the source address as a hint to the kernel routing stack,
> > which makes me believe the problem lies outside of squid. I've already
> > sought out help from the squid-users mailing list and been told the
> > same thing.
> ...
> > root# netstat -rn | grep default
> >
> > default 192.168.92.2 UGS em0
>
> Do you have a route for 10.8.8.10 and similar? Those should point to
> em1, obviously. If there is no specific route, those packets will
> simply go to the default gateway.
>

10.8.8.10 is an alias configured on em1.

root# ifconfig em1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:a3:33:7f
        inet 10.8.8.10 netmask 0xffffff00 broadcast 10.8.8.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

root# netstat -rn | grep em1
10.8.8.0/24 link#1 U em1

Is that not sufficient for the kernel to know that packets with a source IP
of 10.8.8.10 should egress em1, which has 10.8.8.10 configured via ifconfig?
If I use ping -S the packets go out the correct interface (e.g., ping -S
10.8.8.10 10.8.8.250).

>
> -Dimitry
>
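
Added example, not part of the original message and not squid or FreeBSD code: a minimal model of a destination-based route lookup over the two routes quoted in the thread, showing which interface each lookup selects. It assumes no policy routing is configured; 203.0.113.80 is a constructed stand-in for an outside web server, and the function names are hypothetical.

```python
import ipaddress

# Routes copied from the netstat output quoted in the message
# ("default" is written as 0.0.0.0/0).
ROUTES = [
    ("0.0.0.0/0", "192.168.92.2", "em0"),
    ("10.8.8.0/24", "link#1", "em1"),
]


def egress(dst, src=None, routes=ROUTES):
    """Return (interface, gateway) picked by longest-prefix match on dst.

    src is accepted only to make the point explicit: this plain
    destination-based lookup never reads the source address.
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[1]


def report(src, destinations):
    """Build one line per destination for a fixed source address."""
    lines = []
    for dst in destinations:
        ifname, gateway = egress(dst, src=src)
        lines.append(f"src {src} -> dst {dst}: out {ifname} via {gateway}")
    return lines


if __name__ == "__main__":
    # 10.8.8.250 is the ping -S target from the message;
    # 203.0.113.80 is a constructed off-subnet destination.
    for line in report("10.8.8.10", ["10.8.8.250", "203.0.113.80"]):
        print(line)
```

In this model the ping target falls inside 10.8.8.0/24 and leaves via em1, while the off-subnet destination matches only the default route and leaves via em0, whatever source address the socket is bound to.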