It's doable but I really recommend to try and run squid on Linux instead of Windows. It's very important that you understand that the windows version cannot be fully supported for your specific need. Even if you will run a Linux virtual machine ontop of a windows box you will probably have better results then trying to find a "fix" for the windows version from this mailing list. Specifically for the thousands of IPv6 I believe that you will need a custom solution either by patching squid for Linux or write the right software for your needs. Hope It Helps, Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: IAPS Security Services, Ltd. [mailto:jared@xxxxxxxx] Sent: Wednesday, May 17, 2017 12:20 AM To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Squid + IPv6 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --E9SVe58D61BPqLwwes7HgAq2DqWH0WJJV Content-Type: multipart/mixed; boundary="9uXrNjm44vJFPKovTw2oihDfwSCwtM6rd"; protected-headers="v1" From: "IAPS Security Services, Ltd." <jared@xxxxxxxx> To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx Message-ID: <42b652f1-3bd6-a3c8-8a3f-821d14c0d0da@xxxxxxxx> Subject: Re: Squid + IPv6 References: <119093bb-bd72-b489-c10e-bde7b4e1b64c@xxxxxxxx> <04c301d2ce89$6748a060$35d9e120$@ngtech.co.il> In-Reply-To: <04c301d2ce89$6748a060$35d9e120$@ngtech.co.il> --9uXrNjm44vJFPKovTw2oihDfwSCwtM6rd Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable What I need from squid is the ability to use thousands of ipv6 ip addresses in normal http mode. I am not concerned about https at this point. But the original question was how to increase the ip limit of squid past the 128 ip maximum on a Windows platform. The main purpose is to assign a specific set of ipv6 proxies to specific users. Best Regards, Jared Twyler On 5/16/2017 4:14 PM, Eliezer Croitoru wrote: > Hey, > (not sure what=E2=80=99s your first name) >=20 > What do you actually need from squid, in words. > Do you need it as a caching proxy? > What functionality is the main business of squid in your scenario? > To give specific users ip addresses the option to use a specific >outgoi= ng address? > Do you need\want squid to enforce some policy else then the issue you > a= re having? > If you only need to "load balance'" or decide which outgoing ip will > be= used for a specific user source IP then there are much more efficient wa= ys to do that these days. > Also when you are talking about "big" number of users with big numbers > = of connections you need to be more specific about your upper limit. > If you want it to be more then 128 but less the 1024 I would say go > wit= h squid and compile it but... when you are talking about 1k+ I would reco= mmend you to rethink your strategy. > If you don't care about SSL-BUMP for example then there are really > simp= le ways to write a simple proxy which will do what you need, you just nee= d the right programmer. >=20 > All The Bests, > Eliezer >=20 > * I am really not looking for a job to write a proxy.. but just think >i= t's a kind suggestion to redirect into some other directions. >=20 > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx >=20 >=20 >=20 > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] >On= Behalf Of IAPS Security Services, Ltd. > Sent: Tuesday, May 16, 2017 10:21 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Squid + IPv6 >=20 > Greetings All, >=20 > First time poster to the list, long time squid user. >=20 > I have an issue I've come across and I'm greatful if the community can >suggest ideas here. I've recently deployed squid for Windows from >Diladele (http://squid.diladele.com/) and they said to bring my issue >t= o > the mail list. >=20 > Here goes: >=20 > Squid requires each individual ip to be put on the network card >instead= > of being permitted to use a cidr annotation for dedicated ip's. There > i= s > a 128 ip limit for squid by default. This limit can be removed for > linu= x > machines by re-compiling and adjusting the limits. In the ipv6 >deployment that I'm trying to create, I need much more than 128 ip's. >=20 > There are no instructions, at least none that I could find in a basic >google search, on how to increase this limit on a windows deployment. > With ipv6 ip's I'm setting up individual ipv6's per squid acl's so >that= > users have access to specific ipv6 proxies. Only issue I have is the > 12= 8 > ip limit imposed by default. Now when you have access to an ipv6 /29 > range 128 usable ip's is a drop in the bucket and I'd need the ability > to have squid to use thousands of ipv6 ip addresses on demand. The > firs= t > 128 work fine, but when adding the 129th, the entirety of squid >immediately stops working. The acl that I'm using looks like this: >=20 > acl ip1 myip 2axx:xxxx:285::1 > tcp_outgoing_address 2axx:xxxx:285::1 ip1 >=20 > acl ip2 myip 2axx:xxxx:285::2 > tcp_outgoing_address 2axxxx:xxxx:285::2 ip2 >=20 > How can I compile squid for windows to get around the 128 ip limit >impo= sed? >=20 --9uXrNjm44vJFPKovTw2oihDfwSCwtM6rd-- --E9SVe58D61BPqLwwes7HgAq2DqWH0WJJV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZG2z0AAoJEHJVw0pF7EnlQK4QAKy+I3fflCY1Z9XXoRoygpg2 d2DBcJ688fXY9xqbonGQ6h46FqNZCSBmViiPhTPt0ebj5sXOdGcjA4o0SK03JW15 8vmlfCd2hDfRFtkkVkqa6muTF3SLvVSPhb48/5AvAI6rDzwRrZWx8UeGH0X9nei1 nUd/wQdCY4V8CTA/ZeJmqF855ZrNzKw0+rb/s/m4Ub+Q8KxyJ/z+ygu9IRyi10Bc /94IjY+w0vL+fZzZN0FZIloVYNGFyHfu4fHe028jSZ00stwH1zS5M2g6D1A4JI1P oSbJ/5wkxwX51h7+B70t8pHQIQ/XD9BZ71EvE+jz5ImtnJwOLq5EuTLHZtlzFr6e lHdWw+Pp6mqIB+IXTuE8iXsTT1J5rullUdpCEtg7+nh9Sp3Z0Q7YdLQrRNF902v8 7qDptx1tIHQ9J9cBchGtsX1wgOKNIG8FH28XSSzfT45x69Z14r7mTSxLeszblcvN LDzXr+DXLj0N6esOFQGzHM/YCn0A5bAWQinoLO/pmdflxGnbPPTXI4muxkz1E/Mp Kz60FW3TYPHtYHJ66NKKu8iL7W0Ax+aEkaEuAX5c9e8LL15U1FCOlT7KfeE0WU9+ oPsOCW/eoTrtdWfGzSTShg3A3Plfip5jUpjz4lJl7VDD4v3Ldwcx4oCt4QGwoowC 2zRnoiMu+j+mFwNpGhkQ =t2dJ -----END PGP SIGNATURE----- --E9SVe58D61BPqLwwes7HgAq2DqWH0WJJV-- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
