Squid on second WAN

[Abriel]

Welcome!

First, sorry for my bad English.
Second,

My box has two connections to the Internet [tun0=192.168.1.100, re0=10.0.0.11] and one LAN [rl1 172.21.0.1, 172.21.0.0/16] connection.

I manage to setup two routing tables with default gateways.

/usr/sbin/setfib 0 route delete default
/usr/sbin/setfib 0 route add    default 192.168.20.1
/usr/sbin/setfib 1 route delete default
/usr/sbin/setfib 1 route add    default 10.0.0.1

I am using pf, and everything works like charm on first route table. When i switch LAN to go by re0

pass in log (all) from $lan to any rtable 1

it works,
but if i add

rdr on $int_if proto tcp from $lan to any port www -> $gw port 3128

squid is using first route table.

I was trying with tcp_outgoing_address 10.0.0.1 LAN, but this doesn't work, even on first route.

Is this problem of squid, or my rules sucks?

 

[SirDice]

You'll need to tell squid to use the second routing table. PF has no control over this as it correctly handed it over to squid. It's squid that actually makes the connection so it's squid that needs to use the other routing table.

 

[DutchDaemon]

So all you need to do is add 'squid' to the proper setfib line, as the manual (setfib(1)) clearly illustrates.

 

[Abriel]

I was trying with

squid_fib=1

in rc.conf, but it did not help.

 

[DutchDaemon]

I don't think making up your own syntax will help (unless you have documentation for what you used). This looks like something that should be started, with the proper syntax, from either /etc/rc.local, or from cron.

 

[Abriel]

Yes, you have right.

setfib -F 1 /usr/local/sbin/squid /usr/local/etc/squid/squid.conf

make the deal. Solved