Hello,
I need Squid to handle multiple IP addresses (more than 128), each bound to port 3128, with different users authenticated and assigned to specific IP addresses for outgoing traffic. However, I’ve encountered a limitation on the number of IP addresses/ports that Squid can listen on.
Example configuration:
http_port 192.168.1.1:3128
http_port 192.168.1.2:3128
[...]
http_port 192.168.1.254:3128
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid_Proxy
auth_param basic casesensitive off
shutdown_lifetime 1 seconds
acl user1 proxy_auth user1
acl user2 proxy_auth user2
[...]
acl user254 proxy_auth user254
acl ip_192_168_1_1 localip 192.168.1.1
acl ip_192_168_1_2 localip 192.168.1.2
[...]
acl ip_192_168_1_254 localip 192.168.1.254
tcp_outgoing_address 192.168.1.1 user1
tcp_outgoing_address 192.168.1.2 user2
[...]
tcp_outgoing_address 192.168.1.254 user254
http_access allow user1 ip_192_168_1_1
http_access allow user2 ip_192_168_1_2
[...]
http_access allow user254 ip_192_168_1_254
http_access deny all
Compilation Attempts:
Recompiling using dpkg-buildpackage with the CXXFLAGS:
sudo apt-get build-dep squid
apt-get source squid
cd squid-*
export CXXFLAGS="-DMAXTCPLISTENPORTS=254"
dpkg-buildpackage -us -uc
sudo dpkg -i ../squid_5.2-1ubuntu4_amd64.deb ../squid-common_5.2-1ubuntu4_all.deb
However, when I run squid -v, the CXXFLAGS="-DMAXTCPLISTENPORTS=254" flag does not appear in the compiled version. This makes me question if the custom flag is even applied.
Compiling manually with make:
wget http://www.squid-cache.org/Versions/v5/squid-5.2.tar.gz
tar -xzf squid-5.2.tar.gz
cd squid-5.2
export CXXFLAGS="-DMAXTCPLISTENPORTS=254"
./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib/squid --datadir=/usr/share/squid \
--sysconfdir=/etc/squid --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid \
--enable-ssl --enable-ssl-crtd --enable-auth --enable-cache-digests \
--enable-removal-policies="lru,heap" --enable-follow-x-forwarded-for
make
sudo make install
But again, after running squid -v, the custom flag doesn't appear, and the limit for the number of listening IP addresses is still in place.
I’ve tested with various versions of Squid, ranging from 4.8 to 5.9, but none of them seem to apply the custom flag for increasing the number of listening addresses/ports.
Questions:
How can I confirm that Squid is applying the MAXTCPLISTENPORTS value? Is there a way to force Squid to recognize this parameter?
Is there an alternative method to configure Squid to handle 254 IP addresses without recompiling? Am I missing a critical step in the build process?
Do you have any recommendations to optimize the configuration for managing an entire /24 prefix with 254 addresses?
Any advice or suggestions would be greatly appreciated! I’ve done extensive research on the issue, but I haven’t found a solution yet.
Thanks in advance for your help!
Best regards,
Alexis
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
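Added example, not part of the original post and not Squid project code: a small checker for a squid.conf laid out like the one above. It counts http_port lines against the 128 ceiling the post describes and verifies that each authenticated user leaves via the same address it is admitted on. The names `parse`, `audit`, `SAMPLE` and `LISTEN_LIMIT` are hypothetical, the limit value is taken from the post's wording, and the sample config is constructed.

```python
LISTEN_LIMIT = 128  # ceiling reported in the post; assumed here, not read from Squid
# Constructed sample: user2 is admitted on .2 but its egress rule points at .1
SAMPLE = """\
http_port 192.168.1.1:3128
http_port 192.168.1.2:3128
acl user1 proxy_auth user1
acl user2 proxy_auth user2
acl ip_192_168_1_1 localip 192.168.1.1
acl ip_192_168_1_2 localip 192.168.1.2
tcp_outgoing_address 192.168.1.1 user1
tcp_outgoing_address 192.168.1.1 user2
http_access allow user1 ip_192_168_1_1
http_access allow user2 ip_192_168_1_2
http_access deny all
"""

def parse(conf):  # collect only the directives the post's layout relies on
    cfg = {"ports": [], "users": set(), "localip": {}, "egress": {}, "access": []}
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_port":
            cfg["ports"].append(tok[1])
        elif tok[0] == "acl" and len(tok) >= 4 and tok[2] == "proxy_auth":
            cfg["users"].add(tok[1])
        elif tok[0] == "acl" and len(tok) >= 4 and tok[2] == "localip":
            cfg["localip"][tok[1]] = tok[3]
        elif tok[0] == "tcp_outgoing_address" and len(tok) >= 3:
            cfg["egress"].setdefault(tok[2], tok[1])  # first matching line wins
        elif tok[0] == "http_access":
            cfg["access"].append(tok[1:])
    return cfg

def audit(conf, limit=LISTEN_LIMIT):
    cfg, out = parse(conf), []
    if len(cfg["ports"]) > limit:
        out.append(f"{len(cfg['ports'])} http_port lines exceed limit {limit}")
    out += [f"{u}: no tcp_outgoing_address" for u in sorted(cfg["users"] - set(cfg["egress"]))]
    for rule in cfg["access"]:
        if len(rule) == 3 and rule[0] == "allow" and rule[1] in cfg["egress"]:
            user, listen = rule[1], cfg["localip"].get(rule[2])
            if listen and listen != cfg["egress"][user]:
                out.append(f"{user}: enters on {listen}, leaves via {cfg['egress'][user]}")
    if not cfg["access"] or cfg["access"][-1] != ["deny", "all"]:
        out.append("last http_access rule is not 'deny all'")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The checker only understands the one-user-per-address layout shown in the post; ACLs combined in other ways are ignored rather than evaluated.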