Re: multiple http_port names


On Friday, June 10, 2011 12:07:49 AM Amos Jeffries wrote:
> On 10/06/11 09:34, errno wrote:
> > I've got squid conf that looks a bit like the following snippet:
> > 
> > # ...
> > acl ip-192.168.1.2 myip 192.168.1.2
> > 
> > http_port 192.168.1.2:80 name=ip-192.168.1.2
> > http_port 192.168.1.2:8080 name=ip-192.168.1.2
> > 
> > tcp_outgoing_address 192.168.1.2 ip-192.168.1
> > # ...
> > 
> > 
> > Question:  do those http_port directives need to have
> > unique 'name=' entries?
> 
> unique.
> 
> > Or can they all share the
> > same name? Also - and perhaps more importantly,
> > are there any similar(ish) problems with the way I've
> > named the 'myip' acl the same as the http_port names?
> 
> myip is at the mercy of the interception lookups.
> 
> myportname only depends on what you put in squid.conf and which actual
> listening port the traffic arrives on.
> 

Well one thing that occurred is that I at first was using
myportname rather than myip for the acl in question -
but when doing so, all traffic appeared to be coming
from the server's primary ip addr (in this case, 192.168.1.1)
rather than what I intended as specified by tcp_outgoing_address -
in other words, the following (with a bit more config added for
context):

# ...
# 192.168.1.2
acl ip-192.168.1.2 myportname ip-192.168.1.2
http_port 192.168.1.2:80 name=ip-192.168.1.2
http_port 192.168.1.2:8080 name=ip-192.168.1.2
tcp_outgoing_address 192.168.1.2 ip-192.168.1.2

# 192.168.2.2
acl ip-192.168.2.2 myportname ip-192.168.2.2
http_port 192.168.2.2:80 name=ip-192.168.2.2
http_port 192.168.2.2:8080 name=ip-192.168.2.2
tcp_outgoing_address 192.168.2.2 ip-192.168.2.2
# ...


Using the above, tcp_outgoing_address did not work as 
expected/intended: using a tool such as http://www.whatismyip.com/ ,
showed 192.168.1.1 in all cases, regardless of which
http_port/myportname the client originated from.

Switching from the above, to:

# ...
# 192.168.1.2
acl ip-192.168.1.2 myip 192.168.1.2
http_port 192.168.1.2:80 name=ip-192.168.1.2
http_port 192.168.1.2:8080 name=ip-192.168.1.2
tcp_outgoing_address 192.168.1.2 ip-192.168.1.2

# 192.168.2.2
acl ip-192.168.2.2 myip 192.168.2.2
http_port 192.168.2.2:80 name=ip-192.168.2.2
http_port 192.168.2.2:8080 name=ip-192.168.2.2
tcp_outgoing_address 192.168.2.2 ip-192.168.2.2
# ...

... behaved as intended:  when clients went through
the http_port listener 192.168.2.2:80, the tcp_outgoing_address
worked as expected, wherein http://www.whatismyip.com
displayed 192.168.2.2 rather than 192.168.1.1.

Hope that makes sense; to rephrase/summarize:

* squid server's main/primary IP:  192.168.1.1

* one instance of squid running; 

* the single instance listening on multiple <ip>:<port> http_ports:
192.168.1.2:80, 192.168.1.2:8080, 192.168.1.2:80 and
192.168.1.2:8080

results:

~ first example, using: 
acl ip-192.168.1.2 myportname ip-192.168.1.2
and:
acl ip-192.168.2.2 myportname 192.168.2.2
... all cache traffic was detected as originating from server's 
main/primary ip: 192.168.1.1 - and not from the specified
tcp_outgoing_address 

~ BUT, second example, using:
acl ip-192.168.1.2 myip 192.168.1.2
and:
acl ip-192.168.2.2 myip 192.168.2.2
... all cache traffic was this time detected as originating
from the specified tcp_outgoing_address, as intended,
rather than from the squid server instance's primary
ip addr (192.168.1.1).



So, something in the difference between:

# ...
acl ip-192.168.1.2 myportname ip-192.168.1.2
http_port 192.168.1.2:80 name=ip-192.168.1.2
http_port 192.168.1.2:8080 name=ip-192.168.1.2
tcp_outgoing_address 192.168.1.2 ip-192.168.1.2
#...

and:

# ...
#
# doesn't work:
#acl ip-192.168.1.2 myportname ip-192.168.1.2  
#
# works as expected/intended:
acl ip-192.168.1.2 myip 192.168.1.2
#
http_port 192.168.1.2:80 name=ip-192.168.1.2
http_port 192.168.1.2:8080 name=ip-192.168.1.2

tcp_outgoing_address 192.168.1.2 ip-192.168.1.2
#...


I'd like to understand what's going on, but the docs
I've read are not supplying any real information on
the matter.

( and as an additional piece of info; with the second
working-as-intended example, I did not need to set
server_persistent_connections to 'off', like the default
squid conf suggests:

#  TAG: tcp_outgoing_address
#  Allows you to map requests to different outgoing IP addresses
#  based on the username or source address of the user making
#  the request.
#
#  tcp_outgoing_address ipaddr [[!]aclname] ...
# [ ... ]
#  Note: The use of this directive using client dependent ACLs is
#  incompatible with the use of server side persistent connections. To
#  ensure correct results it is best to set server_persistent_connections
#  to off when using this directive in such configurations.


Basically, I have one instance of squid that is listening on multiple
ip:port http_port directives, and I want the tcp_outgoing_address
for each ip to properly reflect the ip that the cache request came in on.
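
Added example (not part of the original message and not Squid project code): a small Python lint that checks a squid.conf fragment for the points raised in this thread: http_port name= values should be unique, a myportname ACL should refer to a name some http_port actually defines, and tcp_outgoing_address should reference a defined ACL. The sample config is constructed from the snippets quoted above, and the function name lint_squid_conf is hypothetical.

```python
from collections import Counter

# Constructed sample, assembled from the snippets quoted in this thread.
SAMPLE_CONF = """\
# 192.168.1.2
acl ip-192.168.1.2 myportname ip-192.168.1.2
http_port 192.168.1.2:80 name=ip-192.168.1.2
http_port 192.168.1.2:8080 name=ip-192.168.1.2
tcp_outgoing_address 192.168.1.2 ip-192.168.1
# 192.168.2.2
acl ip-192.168.2.2 myportname 192.168.2.2
http_port 192.168.2.2:80 name=ip-192.168.2.2
tcp_outgoing_address 192.168.2.2 ip-192.168.2.2
"""

def lint_squid_conf(text):
    """Return a sorted list of (code, detail) findings for squid.conf text."""
    port_names = Counter()  # port name -> number of http_port lines using it
    acls = {}               # acl name -> (acl type, [values])
    outgoing = []           # (address, [acl names]) per tcp_outgoing_address
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "http_port" and args:
            # Without name=, the port name defaults to the port specification.
            name = next((a[5:] for a in args[1:] if a.startswith("name=")), args[0])
            port_names[name] += 1
        elif directive == "acl" and len(args) >= 2:
            # Repeated acl lines with the same name accumulate their values.
            acls.setdefault(args[0], (args[1], []))[1].extend(args[2:])
        elif directive == "tcp_outgoing_address" and args:
            outgoing.append((args[0], [a.lstrip("!") for a in args[1:]]))
    findings = [("duplicate-port-name", n) for n, c in port_names.items() if c > 1]
    for acl_name, (acl_type, values) in acls.items():
        if acl_type == "myportname":
            findings += [("unknown-port-name", f"{acl_name} -> {v}")
                         for v in values if v not in port_names]
    for address, refs in outgoing:
        findings += [("undefined-acl", f"{address} -> {r}")
                     for r in refs if r not in acls]
    return sorted(findings)

if __name__ == "__main__":
    for code, detail in lint_squid_conf(SAMPLE_CONF):
        print(f"{code}: {detail}")
```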



