[squid-users] Squid + IPv6

IAPS Security Services, Ltd. jared at iaps.pro
Tue May 16 21:19:47 UTC 2017

What I need from squid is the ability to use thousands of ipv6 ip
addresses in normal http mode. I am not concerned about https at this
point. But the original question was how to increase the ip limit of
squid past the 128 ip maximum on a Windows platform. The main purpose is
to assign a specific set of ipv6 proxies to specific users.

Best Regards,

Jared Twyler
On 5/16/2017 4:14 PM, Eliezer  Croitoru wrote:
> Hey,
> (not sure what’s your first name)
> What do you actually need from squid, in words.
> Do you need it as a caching proxy?
> What functionality is the main business of squid in your scenario?
> To give specific users ip addresses the option to use a specific outgoing address?
> Do you need\want squid to enforce some policy else then the issue you are having?
> If you only need to "load balance'" or decide which outgoing ip will be used for a specific user source IP then there are much more efficient ways to do that these days.
> Also when you are talking about "big" number of users with big numbers of connections you need to be more specific about your upper limit.
> If you want it to be more then 128 but less the 1024 I would say go with squid and compile it but... when you are talking about 1k+ I would recommend you to rethink your strategy.
> If you don't care about SSL-BUMP for example then there are really simple ways to write a simple proxy which will do what you need, you just need the right programmer.
> All The Bests,
> Eliezer
> * I am really not looking for a job to write a proxy.. but just think it's a kind suggestion to redirect into some other directions.
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of IAPS Security Services, Ltd.
> Sent: Tuesday, May 16, 2017 10:21 PM
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Squid + IPv6
> Greetings All,
> First time poster to the list, long time squid user.
> I have an issue I've come across and I'm greatful if the community can
> suggest ideas here. I've recently deployed squid for Windows from
> Diladele (http://squid.diladele.com/) and they said to bring my issue to
> the mail list.
> Here goes:
> Squid requires each individual ip to be put on the network card instead
> of being permitted to use a cidr annotation for dedicated ip's. There is
> a 128 ip limit for squid by default. This limit can be removed for linux
> machines by re-compiling and adjusting the limits. In the ipv6
> deployment that I'm trying to create, I need much more than 128 ip's.
> There are no instructions, at least none that I could find in a basic
> google search, on how to increase this limit on a windows deployment.
> With ipv6 ip's I'm setting up individual ipv6's per squid acl's so that
> users have access to specific ipv6 proxies. Only issue I have is the 128
> ip limit imposed by default. Now when you have access to an ipv6 /29
> range 128 usable ip's is a drop in the bucket and I'd need the ability
> to have squid to use thousands of ipv6 ip addresses on demand. The first
> 128 work fine, but when adding the 129th, the entirety of squid
> immediately stops working. The acl that I'm using looks like this:
> acl ip1 myip 2axx:xxxx:285::1
> tcp_outgoing_address 2axx:xxxx:285::1 ip1
> acl ip2 myip 2axx:xxxx:285::2
> tcp_outgoing_address 2axxxx:xxxx:285::2 ip2
> How can I compile squid for windows to get around the 128 ip limit imposed?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170516/908a3795/attachment.sig>

More information about the squid-users mailing list