Not yet , I know ip routing :) Also I searched but didn’t fins a useful thing about my issue Can u guide more plz ? -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov Sent: Friday, February 20, 2015 7:41 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: many vms behind router to same proxy ips problems ! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is not squid problem, man. Did you hear about TCP routing? This is the thing your need. 21.02.15 7:37, snakeeyes пишет: > Hi , > > > > I have squid with many ips already installed with and configured > well with tcp_outgoing directive. > > > > The provlem that I face is ; > > When many pc behind a router with same public ip use the proxy ips. > > > > Assume I have 2 pcs > > Pc1===> Using proxy ip 1.1.1.1 > > Pc2===>using proxy 1.1.1.2 > > Note that 1.1.1.1 & 1.1.1.2 are just for example and we assume those > ips are existed on the main server squid. > > > > Pc1 & pc2 ips are 192.168.1.100 & 192.168.1.101 and their public ip is > 31.220.243.0 > > > > > > I go to pc1 and type "whatismyipaddrss.com " I see 1.1.1.1 > > > > Then I go to pc2 and type "whatismyipaddrss.com " I see 2.2.2.2 > > Now lets go back to pc1 and refresh the page whatismyipaddrss.com > ===?> then I see 2.2.2.2 not 1.1.1.1 > > > > This is my problem. > > > > Why sometimes after somefrefresh I get the other ip not ip I put in in > browser ?? > > > > Could it because same pcs has same public ip ?? > > > > > > I tried to put por for each ip like 1.1.1.1:1333 and 2.2.2.2:1222 .... > but same resukt , the ip keep changes > > > > Also I disabled cacing on squid but no luck . > > > > Is that a natural thing ? > > > > Or squid can be optimized ? > > > > [root@dbmedia ~]# cat /etc/squid/squid.conf > > # Lockdown Procedures > > auth_param basic program /usr/lib/squid/ncsa_auth > /etc/squid/squid_passwd > > acl ncsa_users proxy_auth REQUIRED > > http_access allow ncsa_users > > # > > # > > # Recommended minimum configuration: > > # > > acl manager proto cache_object > > acl localhost src 127.0.0.1/32 ::1 > > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 > > > > # Example rule allowing access from your local networks. > > # Adapt to list your (internal) IP networks from where browsing > > # should be allowed > > acl localnet src 10.0.0.0/8 # RFC1918 possible internal > network > > acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > > acl localnet src fc00::/7 # RFC 4193 local private network > range > > acl localnet src fe80::/10 # RFC 4291 link-local (directly > plugged) machines > > > > acl SSL_ports port 443 > > acl Safe_ports port 80 # http > > acl Safe_ports port 21 # ftp > > acl Safe_ports port 443 # https > > acl Safe_ports port 70 # gopher > > acl Safe_ports port 210 # wais > > acl Safe_ports port 1025-65535 # unregistered ports > > acl Safe_ports port 280 # http-mgmt > > acl Safe_ports port 488 # gss-http > > acl Safe_ports port 591 # filemaker > > acl Safe_ports port 777 # multiling http > > acl CONNECT method CONNECT > > > > # > > # Recommended minimum Access Permission configuration: > > # > > # Only allow cachemgr access from localhost > > http_access allow manager localhost > > http_access deny manager > > > > # Deny requests to certain unsafe ports > > http_access deny !Safe_ports > > > > # Deny CONNECT to other than secure SSL ports > > http_access deny CONNECT !SSL_ports > > > > # We strongly recommend the following be uncommented to protect > innocent > > # web applications running on the proxy server who think the only > > # one who can access services on "localhost" is a local user > > #http_access deny to_localhost > > > > # > > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > > # > > > > # Example rule allowing access from your local networks. > > # Adapt localnet in the ACL section to list your (internal) IP > networks > > # from where browsing should be allowed > > http_access allow localnet > > http_access allow localhost > > > > # And finally deny all other access to this proxy > > http_access deny all > > > > # Squid normally listens to port 3128 > > http_port 1111 > > http_port xxx.27.65:1165 > > http_port xx.27.68:1168 > > # We recommend you to use at least the following line. > > hierarchy_stoplist cgi-bin ? > > > > # Uncomment and adjust the following to add a disk cache directory. > > #cache_dir ufs /var/spool/squid 100 16 256 > > #cache_dir null > > cache deny all > > # Leave coredumps in the first cache dir > > coredump_dir /var/spool/squid > > > > # Add any of your own refresh_pattern entries above these. > > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > refresh_pattern . 0 20% 4320 > > ############################### > > forwarded_for off > > request_header_access Allow allow all > > request_header_access Authorization allow all > > request_header_access WWW-Authenticate allow all > > request_header_access Proxy-Authorization allow all > > request_header_access Proxy-Authenticate allow all > > request_header_access Cache-Control allow all > > request_header_access Content-Encoding allow all > > request_header_access Content-Length allow all > > request_header_access Content-Type allow all > > request_header_access Date allow all > > request_header_access Expires allow all > > request_header_access Host allow all > > request_header_access If-Modified-Since allow all > > request_header_access Last-Modified allow all > > request_header_access Location allow all > > request_header_access Pragma allow all > > request_header_access Accept allow all > > request_header_access Accept-Charset allow all > > request_header_access Accept-Encoding allow all > > request_header_access Accept-Language allow all > > request_header_access Content-Language allow all > > request_header_access Mime-Version allow all > > request_header_access Retry-After allow all > > request_header_access Title allow all > > request_header_access Connection allow all > > request_header_access Proxy-Connection allow all > > request_header_access User-Agent allow all > > request_header_access Cookie allow all > > request_header_access X-Forwarded-For deny all > > request_header_access Via deny all > > request_header_access All allow all > > ######################################## > > acl ipxx myip xx acl ipxx myip xx acl ipxx myip xx > > > > ####################################### > > tcp_outgoing_address xxxx ipxxx > > tcp_outgoing_address xxxx ipxxx > > > > tcp_outgoing_address xxxx ipxxx > > > > tcp_outgoing_address xxxx ipxxx > > > > ##################################### > > > > > > > > > > > > squid -v > > Squid Cache: Version 3.1.10 > > configure options: '--build=i386-redhat-linux-gnu' > '--host=i386-redhat-linux-gnu' '--target=i686-redhat-linux-gnu' > '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' > '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' > '--datadir=/usr/share' '--includedir=/usr/include' > '--libdir=/usr/lib' '--libexecdir=/usr/libexec' > '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' > '--infodir=/usr/share/info' '--enable-internal-dns' > '--disable-strict-error-checking' '--exec_prefix=/usr' > '--libexecdir=/usr/lib/squid' '--localstatedir=/var' > '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' > '--with-logdir=$(localstatedir)/log/squid' > '--with-pidfile=$(localstatedir)/run/squid.pid' > '--disable-dependency-tracking' '--enable-arp-acl' > '--enable-follow-x-forwarded-for' > '--enable-auth=basic,digest,ntlm,negotiate' > '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi- > domain > > - -NTLM,SASL,DB,POP3,squid_radius_auth' > '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth' > '--enable-digest-auth-helpers=password,ldap,eDirectory' > '--enable-negotiate-auth-helpers=squid_kerb_auth' > '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,w > binfo_ > > group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' > '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' > '--enable-ident-lookups' '--with-large-files' > '--enable-linux-netfilter' '--enable-referer-log' > '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' > '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' > '--enable-wccpv2' '--enable-esi' '--with-aio' > '--with-default-user=squid' '--with-filedescriptors=16384' > '--with-dl' '--with-openssl' '--with-pthreads' > 'build_alias=i386-redhat-linux-gnu' > 'host_alias=i386-redhat-linux-gnu' > 'target_alias=i686-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall > -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector > --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom > -fasynchronous-unwind-tables -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g > -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector > --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom > -fasynchronous-unwind-tables -fpie' > --with-squid=/builddir/build/BUILD/squid-3.1.10 > > > > > > cheers > > > > > _______________________________________________ squid-users mailing > list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU51WNAAoJENNXIZxhPexGt2EIAKkQ9qSo2UJ+hc9bz0vLB9aK FDpA84Y5vh7wu/a1srHjt35CWGTQw1kSHo4C74ibDtdoNMts9BNY6CLGhn/V2u/o FWHk772XPrAPSIlVrdM5sFBoaZhuzGF4mKH5+isAKGae/+LeDkCgx8ud87YVGq9s AfnblhnkTKZM1O2kgljTjIUV1T/YyAB2kI6KnzX67JVez8FSmKarZnFlIyoWd8OE VXCR0xaGYnQfMjOlnzU4LHvNKirHl+YvhU2PFCva1zFWI621DpbZ6wg6jvencJvy iWxan/yysp8pt7OyxpOeomsnqmetLayIFB9HfqzSxn7JcNFtUIcr3p8B+9E9DaE= =l5Wh -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
