How to ip route, ip rule, split traffic, squid設定 複数NIC、複数proxy port
root@server:#cat /etc/iproute2/rt_tables
#
# reserved values
#
233 local
244 main
255 default
0 unspec
#
# local
#
#1 inr.ruhep
200 T1
201 T2
root@server:# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
root@server:# ip route
default via 192.168.2.1 dev eth0 metric 100
111.111.111.1 dev ppp0 proto kernel scope link src 111.111.111.111
222.222.222.1 dev ppp1 proto kernel scope link src 222.222.222.222
192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.3
192.168.3.0/24 dev wlan0 proto kernel scope link src 192.168.3.5
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.7
root@server:# ip rule add from 111.111.111.111/32 table T1
root@server:# ip route add default via 111.111.111.111 table T1
root@server:# ip route show table T1
default via 111.111.111.111 dev ppp0
root@server:# ip rule
0: from all lookup local
32765: from 111.111.111.111 lookup T1
32766: from all lookup main
32767: from all lookup default
root@server:# ip rule add from 222.222.222.222/32 table T2
root@server:# ip route add default via 222.222.222.222 table T2
root@server:# ip route show table T2
default via 222.222.222.222 dev ppp1
root@server:# ip rule
0: from all lookup local
32764: from 222.222.222.222 lookup T2
32765: from 111.111.111.111 lookup T1
32766: from all lookup main
32767: from all lookup default
( http://lartc.org/howto/lartc.rpdb.multiple-links.html )
/etc/squid/squid.conf
# TAG: acl
# Defining an Access List
#
#~~~
acl proxy_user8080 myport 8080
acl proxy_user8181 myport 8181
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# TAG: http_port
# Usage: port [options]
# hostname:port [options]
# 1.2.3.4:port [options]
#~~~
# visible on the internal address.
#
# Squid normally listens to port 3128
http_port 8080
http_port 8181
# TAG: https_port
# Note: This option is only available if Squid is rebuilt with the
# --enable-ssl option
~~~
# TAG: tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# ~~~
#Default:
# none
###Auto tcp_outgoing_address setting start###
tcp_outgoing_address 14.155.64.234 proxy_user8080
tcp_outgoing_address 14.155.64.139 proxy_user8181
###Auto tcp_outgoing_address setting end###
# TAG: zph_mode
# This option enables packet level marking of HIT/MISS responses,
root@server:# curl -x localhost:8080 http://checkip.dyndns.com
root@server:# curl -x localhost:8181 http://checkip.dyndns.com
