changing the outgoing IP address

Hi - noob here, I've searched the archives and not been able to find an answer so I thought I'd post. Apologies if it's been covered before.

I have a debian squid server on our school's intranet called apollo.

apollo has a parent proxy which we must use to access the internet, called proxy.embc.etc.etc. I cannot alter the embc proxy at all.

The embc proxy applies a lower level of filtering for client 10.16.52.13 only and a higher level for all other IPs (our range is 10.16.52.0 to 10.16.54.255).

All our clients are configured to pass through our proxy apollo. I wish to set rules up so that staff get the lower level of external filtering and the rest get the higher level of filtering.

Currently I am testing this on my own PC (acl mark_pc) but will change it for all staff once I get this working.

I have set up an alias IP address on our proxy apollo and added what I believe are the following significant lines to squid.conf:

acl mark_pc src 10.16.52.33
tcp_outgoing_address 10.16.52.13 mark_pc
tcp_outgoing_address 10.16.52.237
server_persistent_connections off

However, this hangs and times out my internet connection or slows it down significantly. This is immediately fixed if I comment out the line
#tcp_outgoing_address 10.16.52.13 mark_pc

Can anyone shed light on this problem? Please page down for Conf file

***** Other tests I've tried. ******
1) Setting up a workstation on 10.16.52.13 and setting it to use proxy.embc.etc directly - this worked fine.

2) Connecting to a server running phpinfo beyond both proxies.
This reported the following whether the line was commented or not:
HTTP_X_FORWARDED_FOR 	10.16.52.33, 10.16.52.237

which makes me think that the embc server was not getting the correct IP alias at all (10.16.52.13) but the main one for eth0.

************************************************************************************
### Output of ifconfig
apollo:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0E:0C:37:D4:B8
          inet addr:10.16.52.237  Bcast:10.16.255.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3716779 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3888417 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2513027641 (2.3 GiB)  TX bytes:2760724194 (2.5 GiB)
          Base address:0xde80 Memory:fea80000-feaa0000

eth0:0    Link encap:Ethernet  HWaddr 00:0E:0C:37:D4:B8
          inet addr:10.16.52.13  Bcast:10.16.255.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0xde80 Memory:fea80000-feaa0000
************************************************************************************
### My squid.conf slightly edited for simplicity
http_port 3128
cache_mem 100 MB
cache_dir ufs /var/spool/squid 500 16 256

logfile_rotate 9
offline_mode off
maximum_object_size 102400 KB
reload_into_ims off
pipeline_prefetch off
strip_query_terms off
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

acl my_network 	src 10.16.52.0/255.255.252.0
acl intranet 	dst 10.16.52.0/255.255.252.0
acl all 	src 0.0.0.0/0.0.0.0
acl SquidGuard_Rules ident REQUIRED
acl local_network url_regex -i http://apollo* http://www.apollo* http://test.apollo* https://apollo* http://staffnet* http://filtered* http://filtered/ http://thor* http://10.16.5*
acl mark_pc src 10.16.52.33
acl notts_lea_intranet url_regex -i http://intra.nottinghamcity.gov.uk*
acl blocked_domains dstdomain "/etc/squid/acl/blocked_domains.txt"
acl staff ident fee.m wadsworth.k

http_access allow intranet local_network
http_access deny !SquidGuard_Rules
http_access deny banned_users
http_access deny blocked_domains
http_access deny !my_network
http_access allow SquidGuard_Rules
http_access deny all
deny_info http://filtered/?rule=noUser SquidGuard_Rules
deny_info http://apollo/access_denied.php?url=%s blocked_domains


cache_peer proxy.embc.org.uk parent 80 80 no-query
cache_peer_access proxy.embc.org.uk allow !intranet
cache_peer_domain proxy.embc.org.uk !apollo !apollo:10000 !www.apollo !test.apollo !manning.nottingham.sch.uk !thor !filtered !staffnet !cerberus !athena !athena:8080
cache_effective_user proxy
cache_effective_group proxy
never_direct allow all !intranet !notts_lea_intranet
always_direct allow notts_lea_intranet !all
hierarchy_stoplist intra.nottinghamcity.gov.uk

### If I uncomment out the mark_pc line below,
### the internet hangs from my PC

#tcp_outgoing_address 10.16.52.13 mark_pc
tcp_outgoing_address 10.16.52.237
server_persistent_connections off

