 
ahooper
newbie
Topic Author
Posts: 40
Joined: Sat Apr 22, 2006 7:57 am

PPPoE, VLAN and Proxy

Sat Apr 22, 2006 8:04 am

I have a RouterOS box set up with a hard drive for proxy data. I have 2 PPPoE realms for incoming connections. The idea was to have one with high priority and real IP addresses, and the other would be lower priority with NATed IPs.

On the gateway side I have a VLAN switch with vlan2 being fed via a high-grade link and vlan3 being fed via a lower-grade link.

PPPoE1 clients are supposed to be able to pull their bandwidth from VLAN1
PPPoE2 clients are supposed to be able to pull their bandwidth from VLAN2

This all works well; however, as soon as I installed the proxy all port 80 traffic was captured and redirected out one gateway.

I have tried both Proxy and Web-Proxy but have not tried the testing version. Is there a way to re-capture the connection and redirect it out the correct route? Or make the proxy go into a true transparent mode whereby the user's real IP address is used for obtaining the data from the remote server?

Thanks in advance
Andrew
 
savage
Forum Guru
Posts: 1265
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Sat Apr 22, 2006 11:58 am

Policy routing won't work on a src-address basis here. The proxy will rewrite the request's src-address as the proxy makes the request, not the client.

The only thing I can think of right now in my tired state is to mark packets based on the different clients, and then route based on the packet mark - but even that may get messed up with the proxy.

Ideally, you would want to have a proxy on each realm, or a proxy on each link. The two proxies can be configured to peer so that they will still fetch objects from each other that are in their respective caches.

I personally would just set up two routers (and thus two proxies) to handle the different types of PPPoE, but I guess it's not always feasible.

--
C
 
ahooper
newbie
Topic Author
Posts: 40
Joined: Sat Apr 22, 2006 7:57 am

Sat Apr 22, 2006 12:06 pm

Thanks,

The more I looked at it the worse it got, and I may just build a bridge box with VLAN support and transparent proxy so as to resolve the issue, however....

MT. For Xmas could you please add the ability to add separate proxy servers for each PPPoE realm :) That would fix the problem and should not add too much in the way of overhead. Let's face it, for those of us who are using proxy there is a good chance we have added a large HDD to the machine and an even better chance we are using something with a ton of RAM and heaps of processing power.
 
savage
Forum Guru
Posts: 1265
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Sat Apr 22, 2006 12:09 pm

> MT. For Xmas could you please add the ability to add separate proxy servers for each PPPoE realm :) That would fix the problem and should not add too much in the way of overhead. Let's face it, for those of us who are using proxy there is a good chance we have added a large HDD to the machine and an even better chance we are using something with a ton of RAM and heaps of processing power.

Squid doesn't support using multiple source addresses for requests... Unless they run separate daemons (which will kill system resources), I think it would be kinda impossible.

--
C
 
ahooper
newbie
Topic Author
Posts: 40
Joined: Sat Apr 22, 2006 7:57 am

Sun Apr 23, 2006 3:55 pm

If MT uses squid 3 then this option looks like it will do the job.

TAG NAME: tcp_outgoing_address

Description: Allows you to map requests to different outgoing IP addresses based on the username or source address of the user making the request

Build Option: Default

Usage: tcp_outgoing_address ipaddr [[!]aclname] ...

Default: none

Synopsis: Processing proceeds in the order specified, and stops at first fully matching line.

Arguments:
ipaddr - Outgoing ip address
aclname - Access lists

Example(s):
acl normal_net src 172.16.1.0/24
tcp_outgoing_address 172.16.1.53 normal_net
Here requests from machines in network 172.16.1.0 will be sent as request from 172.16.1.53 to the origin server.
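
Added example, not part of the original posts or of Squid itself: a small Python model of the rule evaluation the quoted documentation describes (lines processed in order, first fully matching line wins, `!` negates an ACL), applied to two PPPoE client pools. The subnets, outgoing addresses and function names are constructed for illustration, and only `src` ACLs are modelled.

```python
import ipaddress

# Constructed sample policy in squid.conf syntax; subnets and addresses are
# illustrative values, not taken from the thread.
SAMPLE_CONF = """
acl pppoe1 src 10.1.0.0/16
acl pppoe2 src 10.2.0.0/16
tcp_outgoing_address 192.0.2.10 pppoe1
tcp_outgoing_address 198.51.100.10 pppoe2 !pppoe1
tcp_outgoing_address 198.51.100.10
"""

def parse(conf):
    """Return (acls, rules) from src ACL and tcp_outgoing_address lines."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split('#', 1)[0].split()
        if len(tok) >= 4 and tok[0] == 'acl' and tok[2] == 'src':
            acls.setdefault(tok[1], []).extend(
                ipaddress.ip_network(n, strict=False) for n in tok[3:])
        elif len(tok) >= 2 and tok[0] == 'tcp_outgoing_address':
            # An ACL must be defined before a rule refers to it.
            for name in tok[2:]:
                if name.lstrip('!') not in acls:
                    raise ValueError(f"undefined acl: {name}")
            rules.append((tok[1], tok[2:]))
    return acls, rules

def outgoing_address(conf, client_ip):
    """First line whose ACLs all match wins; None means the OS default."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for addr, names in rules:
        def hit(name):
            inside = any(ip in net for net in acls[name.lstrip('!')])
            return not inside if name.startswith('!') else inside
        # A line with no ACL names matches every request (catch-all).
        if all(hit(n) for n in names):
            return addr
    return None
```

Because evaluation stops at the first match, a catch-all line placed above the per-pool lines would send every client out the same address. Squid only selects the source address; steering each address out its own uplink remains the router's job.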
 
savage
Forum Guru
Posts: 1265
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Sun Apr 23, 2006 9:48 pm

Hmm yes - that's new for me :) Nice find.

Perhaps we can see this in MT once ACLs are better implemented...

--
C
 
ahooper
newbie
Topic Author
Posts: 40
Joined: Sat Apr 22, 2006 7:57 am

Sun Apr 23, 2006 11:13 pm

Any idea what version they are running? I have shut squid down on the box and can't look it up again. I'm not sure if it's possible, but if they are using 3, instead of using their interface to config squid, could a script not be written to set up the relative variables?

That is unless there is a way to hack the config file.
