Search squid archive

Re: Squid traffic paths

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2024-08-27 14:07, Scott Bates wrote:

My lab is setup as such:
Hypervisor host
Squid VM
Test VM 1 (windows)
Test VM 2 (windows)
Test VM 3 (windows)
I have my proxies setup in the squid config. On the test vms I have the windows proxy settings pointing to the squid IP and port. If I check the public IP on that vm it shows up as the proxy IP. And in the proxy logs I see traffic going out.
The issue I'm having is that some external services are seeing the hosts public IP for the test vms and not the proxy ip.
What protocol do those external services use in problematic use cases? Does Squid see the corresponding requests from VMs? Squid can only proxy HTTP and FTP... 


> I'm not exactly sure how squid handles all dns traffic.
Squid generates DNS queries (if needed) and, naturally, receives DNS answers for the queries it generates. Squid does not receive and, hence, does not forward/proxy DNS queries. There is no dns_port option in squid.conf; only http(s)_port and ftp_port. 

> never_direct allow port3127_acl
> never_direct allow all
Pick one. The first (more restrictive) rule is not needed if you are going to allow all. 


HTH,

Alex.



Squid config:
*# First proxy
http_port 3127
acl port3127_acl myport 3127
cache_peer PROXYIP parent 9229 0 proxy-only no-query no-digest login=USERNAME:PASSWORD 
cache_peer_access PROXYIP allow port3127_acl
cache_peer_access PROXYIP deny all
never_direct allow port3127_acl
never_direct allow all
http_access allow port3127_acl
# Deny caching on all proxies (optional)
cache deny all
# Default access control
http_access deny all
dns_nameservers 127.0.0.1
forwarded_for off
request_header_access X-Forwarded-For deny all*
I'm not exactly sure how squid handles all dns traffic. I feel like this might be a dns issue. I tried using google dns and the squid server ip as dns on the test vms but same issue. I started to mess around with dnsmasq installed on squid but I'm not sure if I'm going down the right path or not. 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux