Re: [squid-users] How to get 2 instances of squid running from 2 different IP's

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 19 Feb 2009 15:21:14 -0900

Chris Robertson wrote:
> Urkow, Jason wrote:
>> Hello,
>>
>> I am from a school division and we have squid boxes running in each
>> of our schools. We also use the proxies for logging. We have a
>> firewall that does our content filtering, and it filters based on the
>> IP address from the requested IP address (the proxy server). Is it
>> possible to setup a single squid server that has two IP address and
>> have two instances of squid running (one for students and one for
>> teachers). What we want is the filtering for students and teachers to
>> be different based on the IP address of the squid server. what my
>> problem is that if I have students pointing to proxy A (with IP
>> 10.1.1.31) and teachers to proxy B (with IP 10.1.1.32) and proxy B
>> isn't being filtered on our firewall, the students can still get the
>> unfiltered content from proxy B even though they are pointing to
>> proxy A.
>>
>> I have tried setting the http_port setting to
>> Proxy A config file (with eth0 being 10.1.1.31):
>> http_port 10.1.1.31:8080
>>
>> Proxy B config file (with eth1 being 10.1.1.32):
>> http_port 10.1.1.32:8081
>>
>> I have tried some acl configs with the http_access without any success.
>>
>> There might be a way with iptables, but I do not know how to use it.
>>
>> Basically how can I get the "Proxy B process" to access the firewall,
>> and still be filtered, without using the Proxy A (10.1.1.31) address?
>> Any suggestions?
>>
>> Thanks in advance!
>> Jason
>>
>
> If you want to run two separate instances of Squid on one box...
>
> http://wiki.squid-cache.org/MultipleInstances
>
> ...will get you started.
>
> If you want to run one instance of Squid (with a joint cache), then...
>
> http_port 10.1.1.31:8080
> http_port 10.1.1.32:8081
> acl TeacherIP 10.1.1.32

Mea culpa. This line should read...

acl TeacherIP myip 10.1.1.32/32

> tcp_outgoing_address 10.1.1.32 TeacherIP
> server_persistent_connections off
>
> ...will put all traffic that comes in on 10.1.1.32 out using the same
> IP. Persistent server connections can interfere with
> tcp_outgoing_address (Squid will not open a second connection using a
> different IP to a server where a persistent connection already
> exists), so it's best to disable it.
>
> Chris
>
>

Chris
Received on Fri Feb 20 2009 - 00:21:27 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 12:00:01 MST