Search squid archive

Re: changing the outgoing Ip address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hi - noob here, I've searched the archives and not been able to find an
> answer so I thought I'd post. Apologies if it's been covered before.
>
> I have a debian squid server on our school's intranet called apollo.
>
> apollo has a parent proxy which we must use to access the internet,
> called proxy.embc.etc.etc. I cannot alter the embc proxy at all.
>
> The embc proxy applies a lower level of filtering for client 10.16.52.13
> only and a higher level for all other ips (our range is 10.16.52.0 to
> 10.16.54.255)
>
> All our clients are configured to pass through our proxy apollo, I wish
> to set rules up so that staff get the lower level of external filtering
> and the rest get the higher level of filtering.
>
> Currently I am testing this on my own pc acl mark_pc but will change for
> all staff once I get this working.
>
> I have set up an alias ip address on our proxy apollo and added what I
> believe are the following significant lines to squid.conf
>
> acl mark_pc src 10.16.52.33
> tcp_outgoing_address 10.16.52.13 mark_pc
> tcp_outgoing_address 10.16.52.237
> server_persistent_connections off
>

1) check that both IPs 10.16.52.13 and 10.16.52.237 are assigned to an
outgoing interface on the Squid box.
 (done)

2) check that you are using a Squid 2.6 or later.

3)
  tcp_outgoing_address 10.16.52.13 mark_pc
  tcp_outgoing_address 10.16.52.237 !mark_pc


> however this hangs and timeouts my internet connection or slows it down
> significantly. This is immediately fixed if I comment out the line
> #tcp_outgoing_address 10.16.52.13 mark_pc
>
> Can anyone shed light on this problem? Please page down for Conf file
>
> ***** Other tests I've tried. ******
> 1) Setting up a workstation on 10.16.52.13 and setting it to use
> proxy.embc.etc directly - this worked fine.
>
> 2) Connecting to a server running phpinfo beyond both proxies
> this reported the following whether the line was commented or not.
> HTTP_X_FORWARDED_FOR 	10.16.52.33, 10.16.52.237
>
> which makes me think that the embc server was not getting the correct Ip
> alias at all (10.16.52.13) but the main one for eth0
>
> ************************************************************************************
> ### Output of ifconfig
> apollo:~# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:0E:0C:37:D4:B8
>            inet addr:10.16.52.237  Bcast:10.16.255.255  Mask:255.255.252.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:3716779 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:3888417 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:2513027641 (2.3 GiB)  TX bytes:2760724194 (2.5 GiB)
>            Base address:0xde80 Memory:fea80000-feaa0000
>
> eth0:0    Link encap:Ethernet  HWaddr 00:0E:0C:37:D4:B8
>            inet addr:10.16.52.13  Bcast:10.16.255.255  Mask:255.255.252.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            Base address:0xde80 Memory:fea80000-feaa0000
> ************************************************************************************
> ### My squid.conf slightly edited for simplicity
> http_port 3128
> cache_mem 100 MB
> cache_dir ufs /var/spool/squid 500 16 256
>
> logfile_rotate 9
> offline_mode off
> maximum_object_size 102400 KB
> reload_into_ims off
> pipeline_prefetch off
> strip_query_terms off
> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
>
> acl my_network 	src 10.16.52.0/255.255.252.0
> acl intranet 	dst 10.16.52.0/255.255.252.0
> acl all 	src 0.0.0.0/0.0.0.0
> acl SquidGuard_Rules ident REQUIRED
> acl local_network url_regex -i http://apollo* http://www.apollo*
> http://test.apollo* https://apollo* http://staffnet* http://filtered*
> http://filtered/ http://thor* http://10.16.5*
> acl mark_pc src 10.16.52.33
> acl notts_lea_intranet url_regex -i http://intra.nottinghamcity.gov.uk*
> acl blocked_domains dstdomain "/etc/squid/acl/blocked_domains.txt"
> acl staff ident fee.m wadsworth.k
>
> http_access allow intranet local_network
> http_access deny !SquidGuard_Rules
> http_access deny banned_users
> http_access deny blocked_domains
> http_access deny !my_network
> http_access allow SquidGuard_Rules
> http_access deny all
> deny_info http://filtered/?rule=noUser SquidGuard_Rules
> deny_info http://apollo/access_denied.php?url=%s blocked_domains
>
>
> cache_peer proxy.embc.org.uk parent 80 80 no-query
> cache_peer_access proxy.embc.org.uk allow !intranet
> cache_peer_domain  proxy.embc.org.uk !apollo !apollo:10000 !www.apollo
> !test.apollo !manning.nottingham.sch.uk !thor !filtered !staffnet
> !cerberus !athena !athena:8080
> cache_effective_user proxy
> cache_effective_group proxy
> never_direct allow all !intranet !notts_lea_intranet
> always_direct allow notts_lea_intranet !all
> hierarchy_stoplist intra.nottinghamcity.gov.uk
>
> ### If I uncomment out the mark_pc line below,
> ### the internet hangs from my PC
>
> #tcp_outgoing_address 10.16.52.13 mark_pc
> tcp_outgoing_address 10.16.52.237
> server_persistent_connections off
>
>



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux