Policy routing and squid proxy



  • Hi, I'm running 1.2.3 (I'm going to upgrade, but before I need to solve this problem) and I'm experiencing a problem with policy routing and squid proxy. The machine has 2 WAN cards, and the squid is using the default one (i.e., WAN) to route http traffic. I want a set of hosts to be policy routed on the other card even for http traffic, so I placed a rule in the LAN tab, at the top of the list, that results as follows:

    pass in log quick on rl0 route-to (re2 188.219.X.X) inet from <ced>to any flags S/SA keep state label "USER_RULE: Policy routing re2"</ced> 
    

    that states that all the code that belongs to the CED alias must be routed thru the re2 interface, that is the second WAN in the firewall. While this works for all non-http traffic, still http traffic is routed thru the default WAN, as well as ICMP traffic (e.g., traceroute). Therefore in the proxy server configuration I placed the same ip addresses that appear in the CED alias into the Bypass proxy for these source IPs but nothing changed. The strange fact is that if I change the firewall rule from pass to block the traffic, even http, is blocked. Am I doing something wrong?
    Moreover, upgrading to 2, there will be any chance to policy routing even proxy traffic?



  • I've tried disabling the squid proxy at all, and then the policy routing works, but when squid is enabled the default wan is the one which makes the squid to exit the network. ANy suggestion?


Locked