[squid-users] Squid + IPv6

Tue May 16 21:14:28 UTC 2017

Hey,
(not sure what’s your first name)

What do you actually need from squid, in words.
Do you need it as a caching proxy?
What functionality is the main business of squid in your scenario?
To give specific users ip addresses the option to use a specific outgoing address?
Do you need\want squid to enforce some policy else then the issue you are having?
If you only need to "load balance'" or decide which outgoing ip will be used for a specific user source IP then there are much more efficient ways to do that these days.
Also when you are talking about "big" number of users with big numbers of connections you need to be more specific about your upper limit.
If you want it to be more then 128 but less the 1024 I would say go with squid and compile it but... when you are talking about 1k+ I would recommend you to rethink your strategy.
If you don't care about SSL-BUMP for example then there are really simple ways to write a simple proxy which will do what you need, you just need the right programmer.

All The Bests,
Eliezer

* I am really not looking for a job to write a proxy.. but just think it's a kind suggestion to redirect into some other directions.

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of IAPS Security Services, Ltd.
Sent: Tuesday, May 16, 2017 10:21 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Squid + IPv6

Greetings All,

First time poster to the list, long time squid user.

I have an issue I've come across and I'm greatful if the community can
suggest ideas here. I've recently deployed squid for Windows from
Diladele (http://squid.diladele.com/) and they said to bring my issue to
the mail list.

Here goes:

Squid requires each individual ip to be put on the network card instead
of being permitted to use a cidr annotation for dedicated ip's. There is
a 128 ip limit for squid by default. This limit can be removed for linux
machines by re-compiling and adjusting the limits. In the ipv6
deployment that I'm trying to create, I need much more than 128 ip's.

There are no instructions, at least none that I could find in a basic
google search, on how to increase this limit on a windows deployment.
With ipv6 ip's I'm setting up individual ipv6's per squid acl's so that
users have access to specific ipv6 proxies. Only issue I have is the 128
ip limit imposed by default. Now when you have access to an ipv6 /29
range 128 usable ip's is a drop in the bucket and I'd need the ability
to have squid to use thousands of ipv6 ip addresses on demand. The first
128 work fine, but when adding the 129th, the entirety of squid
immediately stops working. The acl that I'm using looks like this:

acl ip1 myip 2axx:xxxx:285::1
tcp_outgoing_address 2axx:xxxx:285::1 ip1

acl ip2 myip 2axx:xxxx:285::2
tcp_outgoing_address 2axxxx:xxxx:285::2 ip2

How can I compile squid for windows to get around the 128 ip limit imposed?

-- 
Best Regards,

Jared Twyler