> Hi - noob here, I've searched the archives and not been able to find an > answer so I thought I'd post. Apologies if it's been covered before. > > I have a debian squid server on our school's intranet called apollo. > > apollo has a parent proxy which we must use to access the internet, > called proxy.embc.etc.etc. I cannot alter the embc proxy at all. > > The embc proxy applies a lower level of filtering for client 10.16.52.13 > only and a higher level for all other ips (our range is 10.16.52.0 to > 10.16.54.255) > > All our clients are configured to pass through our proxy apollo, I wish > to set rules up so that staff get the lower level of external filtering > and the rest get the higher level of filtering. > > Currently I am testing this on my own pc acl mark_pc but will change for > all staff once I get this working. > > I have set up an alias ip address on our proxy apollo and added what I > believe are the following significant lines to squid.conf > > acl mark_pc src 10.16.52.33 > tcp_outgoing_address 10.16.52.13 mark_pc > tcp_outgoing_address 10.16.52.237 > server_persistent_connections off > 1) check that both IPs 10.16.52.13 and 10.16.52.237 are assigned to an outgoing interface on the Squid box. (done) 2) check that you are using a Squid 2.6 or later. 3) tcp_outgoing_address 10.16.52.13 mark_pc tcp_outgoing_address 10.16.52.237 !mark_pc > however this hangs and timeouts my internet connection or slows it down > significantly. This is immediately fixed if I comment out the line > #tcp_outgoing_address 10.16.52.13 mark_pc > > Can anyone shed light on this problem? Please page down for Conf file > > ***** Other tests I've tried. ****** > 1) Setting up a workstation on 10.16.52.13 and setting it to use > proxy.embc.etc directly - this worked fine. > > 2) Connecting to a server running phpinfo beyond both proxies > this reported the following whether the line was commented or not. > HTTP_X_FORWARDED_FOR 10.16.52.33, 10.16.52.237 > > which makes me think that the embc server was not getting the correct Ip > alias at all (10.16.52.13) but the main one for eth0 > > ************************************************************************************ > ### Output of ifconfig > apollo:~# ifconfig > eth0 Link encap:Ethernet HWaddr 00:0E:0C:37:D4:B8 > inet addr:10.16.52.237 Bcast:10.16.255.255 Mask:255.255.252.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:3716779 errors:0 dropped:0 overruns:0 frame:0 > TX packets:3888417 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:2513027641 (2.3 GiB) TX bytes:2760724194 (2.5 GiB) > Base address:0xde80 Memory:fea80000-feaa0000 > > eth0:0 Link encap:Ethernet HWaddr 00:0E:0C:37:D4:B8 > inet addr:10.16.52.13 Bcast:10.16.255.255 Mask:255.255.252.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Base address:0xde80 Memory:fea80000-feaa0000 > ************************************************************************************ > ### My squid.conf slightly edited for simplicity > http_port 3128 > cache_mem 100 MB > cache_dir ufs /var/spool/squid 500 16 256 > > logfile_rotate 9 > offline_mode off > maximum_object_size 102400 KB > reload_into_ims off > pipeline_prefetch off > strip_query_terms off > redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf > > acl my_network src 10.16.52.0/255.255.252.0 > acl intranet dst 10.16.52.0/255.255.252.0 > acl all src 0.0.0.0/0.0.0.0 > acl SquidGuard_Rules ident REQUIRED > acl local_network url_regex -i http://apollo* http://www.apollo* > http://test.apollo* https://apollo* http://staffnet* http://filtered* > http://filtered/ http://thor* http://10.16.5* > acl mark_pc src 10.16.52.33 > acl notts_lea_intranet url_regex -i http://intra.nottinghamcity.gov.uk* > acl blocked_domains dstdomain "/etc/squid/acl/blocked_domains.txt" > acl staff ident fee.m wadsworth.k > > http_access allow intranet local_network > http_access deny !SquidGuard_Rules > http_access deny banned_users > http_access deny blocked_domains > http_access deny !my_network > http_access allow SquidGuard_Rules > http_access deny all > deny_info http://filtered/?rule=noUser SquidGuard_Rules > deny_info http://apollo/access_denied.php?url=%s blocked_domains > > > cache_peer proxy.embc.org.uk parent 80 80 no-query > cache_peer_access proxy.embc.org.uk allow !intranet > cache_peer_domain proxy.embc.org.uk !apollo !apollo:10000 !www.apollo > !test.apollo !manning.nottingham.sch.uk !thor !filtered !staffnet > !cerberus !athena !athena:8080 > cache_effective_user proxy > cache_effective_group proxy > never_direct allow all !intranet !notts_lea_intranet > always_direct allow notts_lea_intranet !all > hierarchy_stoplist intra.nottinghamcity.gov.uk > > ### If I uncomment out the mark_pc line below, > ### the internet hangs from my PC > > #tcp_outgoing_address 10.16.52.13 mark_pc > tcp_outgoing_address 10.16.52.237 > server_persistent_connections off > >
