Re: How to get 2 instances of squid running from 2 different IP's

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Chris Robertson wrote:
> Chris Robertson wrote:
> > Urkow, Jason wrote:
> > > Hello,
> > >
> > > I am from a school division and we have squid boxes running in each 
> > > of our schools. We also use the proxies for logging. We have a 
> > > firewall that does our content filtering, and it filters based on the 
> > > IP address from the requested IP address (the proxy server). Is it 
> > > possible to setup a single squid server that has two IP address and 
> > > have two instances of squid running (one for students and one for 
> > > teachers). What we want is the filtering for students and teachers to 
> > > be different based on the IP address of the squid server. what my 
> > > problem is that if I have students pointing to proxy A (with IP 
> > > 10.1.1.31) and teachers to proxy B (with IP 10.1.1.32) and proxy B 
> > > isn't being filtered on our firewall, the students can still get the 
> > > unfiltered content from proxy B even though they are pointing to 
> > > proxy A.
> > >
> > > I have tried setting the http_port setting to
> > > Proxy A config file (with eth0 being 10.1.1.31):
> > > http_port 10.1.1.31:8080
> > >
> > > Proxy B config file (with eth1 being 10.1.1.32):
> > > http_port 10.1.1.32:8081
> > >
> > > I have tried some acl configs with the http_access without any success.
> > >
> > > There might be a way with iptables, but I do not know how to use it.
> > >
> > > Basically how can I get the "Proxy B process" to access the firewall, 
> > > and still be filtered, without using the Proxy A (10.1.1.31) 
> > > address?  Any suggestions?
> > >
> > > Thanks in advance!
> > > Jason
> > >   
> >
> > If you want to run two separate instances of Squid on one box...
> >
> > http://wiki.squid-cache.org/MultipleInstances
> >
> > ...will get you started.
> >
> > If you want to run one instance of Squid (with a joint cache), then...
> >
> > http_port 10.1.1.31:8080
> > http_port 10.1.1.32:8081
> > acl TeacherIP 10.1.1.32
>
> Mea culpa.  This line should read...
>
> acl TeacherIP myip 10.1.1.32/32
>
> > tcp_outgoing_address 10.1.1.32 TeacherIP
> > server_persistent_connections off
> >
> > ...will put all traffic that comes in on 10.1.1.32 out using the same 
> > IP.  Persistent server connections can interfere with 
> > tcp_outgoing_address (Squid will not open a second connection using a 
> > different IP to a server where a persistent connection already 
> > exists), so it's best to disable it.

Will also need something that stops 10.1.1.31 inbound traffic going out 
that IP.

tcp_outgoing_address 10.1.1.31 !TeacherIP


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.5