In Thailand, leased lines (which come with fixed IP addresses) are expensive. Home ADSL use is comparatively cheap (no fixed IPs). As an example, a 256 kb leased line costs about USD 250 a month, whereas a 1024/256 ADSL connection is about USD 20 a month.
Our Astaro configuration has a leased line connection on one interface, and a connection to our ADSL router via a separate interface. The separate interface (10.0.1.1) connects to our ADSL router (10.0.1.2). We wanted to redirect our non-critical HTTP traffic through the ADSL router, but for the traffic to go through our proxy, as we use policies and Cobion.
We tried doing this with policy based routing, however this was generally unsuccessful - some sites worked, some didn't. Advice from Astaro indicated that they had problems as well when trying to redirect proxy traffic using PBR.
What we are now testing (with success at this point) is the following.
We have modified /var/chroot-squid/etc/squid.conf and squid.conf.default to include at the beginning (so as to find it easily later!):
tcp_outgoing_address 10.0.1.1
We then log in to the Astaro shell as root and execute three commands:
ip rule add from 10.0.1.1 table 200
ip route add default via 10.0.1.2 dev eth2 table 200
ip route flush cache
From that point all of our HTTP proxy traffic is routed through our ADSL connection. Cobion works and policies work. Not only that, it allows us to utilise our leased line for critical traffic and prioritise VoIP traffic without affecting other HTTP traffic. Also HTTP traffic is generally faster as we tend to average close to the theoretical maximum through the ADSL connection, versus the slower leased line traffic.
If the Astaro restarts, or the proxy restarts, we then need to execute the three routing commands again. We are thinking to run a cronjob to check the route every 5 minutes, and run the commands again if necessary.
Whilst I am aware that these changes may void the support agreement, they provide an important solution for our bandwidth problems, with at this point minimal perceived risk.
I would appreciate any feedback on alternatives to this, or perhaps gotchas that we have overlooked in our current setup.
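An added example, not part of the original post: one way the five-minute cron check mentioned above could be written so that it only re-adds what is actually missing, since a blind re-run of `ip rule add` stacks duplicate rules. The addresses, interface and table number are the ones from the post; the script path in the cron comment is hypothetical, and the script assumes `ip rule show` prints the table by number (no name for 200 in rt_tables).

```shell
#!/bin/sh
# Added example (not from the original post): cron-safe check that re-adds the
# proxy's policy route only when it is missing.
# Values from the post: 10.0.1.1 -> table 200 -> default via 10.0.1.2 on eth2.
# Hypothetical cron entry (script path is an assumption):
#   */5 * * * * /root/proxy-route.sh --apply
SRC=10.0.1.1
GW=10.0.1.2
DEV=eth2
TABLE=200

# Reads `ip rule show` output on stdin; succeeds if "from SRC lookup TABLE" exists.
rule_present() {
    awk -v s="$SRC" -v t="$TABLE" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { found = 1 }
         END { exit !found }'
}

# Reads `ip route show table TABLE` output on stdin; succeeds if the default
# route via GW on DEV exists.
route_present() {
    awk -v g="$GW" -v d="$DEV" \
        '$1 == "default" && $2 == "via" && $3 == g && $4 == "dev" && $5 == d { found = 1 }
         END { exit !found }'
}

# plan RULES ROUTES: prints only the commands needed to restore the setup.
plan() {
    changed=0
    if ! printf '%s\n' "$1" | rule_present; then
        echo "ip rule add from $SRC table $TABLE"; changed=1
    fi
    if ! printf '%s\n' "$2" | route_present; then
        echo "ip route add default via $GW dev $DEV table $TABLE"; changed=1
    fi
    if [ "$changed" -eq 1 ]; then echo "ip route flush cache"; fi
    return 0
}

# Only touch the routing tables when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    plan "$(ip rule show)" "$(ip route show table "$TABLE" 2>/dev/null)" |
    while read -r cmd; do
        echo "restoring: $cmd" >&2
        $cmd
    done
fi
```

Run without `--apply`, the script changes nothing; anything it prints under `--apply` means the rule or route had gone missing, which cron will mail to root.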