hi all, i've squid-cache v25-STABLE10 running on an OSX 10.4.2 box. currently, squid successfully 'front-ends' Privoxy & Tor, routing all lan-originated traffic out to the internet via the anonymizing OnionRouter network.

in effect, i have:

    local apps (ip:10.0.0.xx)
          |
          |
     -----------
          |
          | (ip:10.0.0.2)
    |----------------------------|
    | -------------------------- |
    | | Squid                  | |
    | | listen: 10.0.0.2:8888  | |
    | | listen: 127.0.0.1:8888 | |
    | -------------------------- |
    |             |              |
    | -------------------------- |
    | | Privoxy                | |
    | | listen: localhost:8118 | |
    | -------------------------- |
    |             |              |
    | -------------------------- |
    | | Tor                    | |
    | | listen: localhost:9050 | |
    | -------------------------- |
    |----------------------------|
          | (ip:10.0.0.2)
          |
          | (ip:10.0.0.1)
    |----------------------------|
    |         NAT Router         |
    |     iptables |firewall     |
    |----------------------------|
          | (ip:A.B.C.D)
          |
     Onion Router Network
          |
          |
     public internet

of course, along the way to the above config, i've had squid operating 'standalone' as a 1st step ...

####################################################################
my QUESTION is: can i have BOTH configs simultaneously available to LAN clients, based on a user-selectable squid proxy port? and, if i can, should i be using a single /cache-dir, or multiple?
####################################################################

what i'm looking for (i think ...) is, in effect:

              local apps
                  |
                  |
    |---------------------------|
    |           Squid           |
    |                           |
    |  port 8888  |  port 7777  |
    |      |      |      |      |
    |   Privoxy   |      |      |
    |      |      |      |      |
    |     Tor     |      |      |
    |      |      |      |      |
    |---------------------------|
                  |
    |----------------------------|
    |                            |
    |         NAT Router         |
    |     iptables |firewall     |
    |                            |
    |----------------------------|
                  |
                  |
    Onion Router or DIRECT Network
                  |
                  |
           public internet

the relevant parts of squid.conf to making the Squid-->Privoxy(-->Tor) connection work are:

    http_port 10.0.0.10:8888
    http_port 127.0.0.1:8888
    cache_peer 127.0.0.1 parent 8118 3130 no-query default
    httpd_accel_port 80
    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/
    acl MY_LAN src 10.0.0.0/255.255.255.0
    never_direct allow all
    http_access allow localhost
    http_access allow MY_LAN
    forwarded_for off

now, i'm guessing that to ADD the second ports, i'd add:

    http_port 10.0.0.10:7777
    http_port 127.0.0.1:7777

but i immediately get confused here ... how do i 'route' the different listener ports' traffic differently?

in particular, whereas the port 8888 traffic MUST avoid the origin servers, and hit the parent privoxy cache, via:

    never_direct allow all
    ...
    cache_peer 127.0.0.1 parent 8118 3130 no-query default

the port 7777 traffic would need a direct connection to the origin servers ... what's the right approach here? ports ACLs? or, am i looking at this all wrong?

thx for any pointers/example/references! heck, even what to properly google on would help ...

cheers, richard
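
The two-port split asked about above can be expressed with Squid's `myport` ACL type, which matches the local port a client connected to. The fragment below is an added example, not part of the original post or of the Squid project's documentation; the ACL names `tor_port` and `direct_port` are made up here, the addresses and ports are the ones from the post, and the remaining lines of the posted squid.conf (http_access rules, forwarded_for, and so on) are assumed to stay as they are.

```conf
# Added example: per-port routing in one Squid 2.5 instance.
# ACL names tor_port / direct_port are hypothetical.

http_port 10.0.0.10:8888
http_port 127.0.0.1:8888
http_port 10.0.0.10:7777
http_port 127.0.0.1:7777

# Privoxy parent, exactly as in the post.
cache_peer 127.0.0.1 parent 8118 3130 no-query default

# Match on the listener port the client used.
acl tor_port    myport 8888
acl direct_port myport 7777

# Only requests that arrived on 8888 may be handed to the Privoxy parent.
cache_peer_access 127.0.0.1 allow tor_port
cache_peer_access 127.0.0.1 deny all

# always_direct is evaluated before never_direct:
# 7777 traffic goes straight to the origin servers.
always_direct allow direct_port
always_direct deny all

# Everything else (that is, 8888) must use a parent. If Privoxy is
# unreachable the request fails instead of leaking out directly.
never_direct allow all
```

A single Squid instance keeps one object store, so both ports share whatever `cache_dir` lines are configured and a page fetched on one port can be served as a hit on the other. Fully separate caches need two Squid processes, each with its own config file and `cache_dir`.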