[squid-users] (possibly dynamic?) multiple port forwarding in the same internal Network ...

Albretch Mueller lbrtchx at gmail.com
Tue May 25 12:36:09 UTC 2021


On 5/25/21, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> On Tuesday 25 May 2021 at 07:51:21, Albretch Mueller wrote:
>
>>  As part of a teaching and learning (TaL)/school software, I need squid:
>>
>>  a) to detect one of the connected computers in an internal network
>> comprising wirelessly connected and wired computers as the "master"
>> (operated by the teacher);

> What information is available to Squid in order to "detect" that this is the
> "master" machine?

 I think a combination of cookies, its MAC address and, when both
fail, authentication. Wouldn't that be enough, perhaps with an extra
proxy server? My main problem is that I don't want students' boxes
to be prompted for or trying to initiate an authentication and I don't
know of a foolproof way of achieving that. If possible, all students'
business should be let through with squid serving as a transparent
proxy.

 Probably squid could cache that request as local files to the extent
that it can and just redirect the requests of students' clients as
references to that file using an ICAP server somehow?

>>  b) when that master reach out to an outside URL, the response should
>> be replicated in that master's and all other internal computers; but
>
> What do you mean by "the response should be replicated in ... all other
> internal computers"?

 That the initial request by the teacher should be received as a
response by all students.

> Are you assuming that these computers are already running a browser,

 Well, technically, I think we could assume that, why would that be
problematic? How bad would it be if they are not running a browser?
You could interrupt an initiated request, you could even shut down
your computer in the middle of a download or transaction without a
problem. Why would that be that difficult? Or, what is it exactly I am
not getting right?

> that
> they should suddenly get some (apparently) web server response via Squid and
> display it, even though they did not make any request?

> If so, I would say this is impossible - you can't get a computer to show a
> response to a request it did not make.

 Yes, this is what I meant, why is that so hard? Again, my forte is
not networking, but I could see how the requested file could be cached
and forwarded to all student boxes. Perhaps using an ICAP server.

>>  c) responses to requests originating in the non master ("slave"?)
>> ends, return to their corresponding ends;
>
> So, any computer other than the "master" simply makes requests and gets
> standard responses as usual.  Fine.

 Yes, once you know the request originated in the non master machine,
it would go back to the initiating client. Again, why would that be
that problematic?

>>  d) at times the master should be able to switch off that replicating
>> feature;
>
> What times?

 Teacher may decide to "privately" check out some information by
herself without it being displayed on all students' ends or even
concurrently open another "private" browser window.

> How?

 This is what I don't know but I think (probably somewhat naively) it
shouldn't be that hard. Again, session tracking via cookies or URL
rewriting, maybe?

>  I really think you need to explain this "replicating
> feature" in more detail (and preferably in network terms, from the point of
> view of the software running on the master, and the software running on a
> non-master).

 I am not a networking guy but probably you could point out to me some
related documents explaining specifically the kinds of problematics
around these kinds of issues.

>>  e) more than one or all computers should be able to play "master";
>
> I repeat my first question - what information is available to Squid in order
> to "detect" that this is the "master" machine?

 I think I answered that in §a. Again, why would that be that hard?

>>  f) all other "slave" should operate in a "transparent proxy" mode;
>
> Are you including SSL in this?

 Yes, if possible, all kinds of communications, but just http (no
encryption) for the student client machines would be fine.

>>  g) on a single computer, someone could use different
>> browsers/versions to do a-f ...
>>
>>  I have seen that partially implemented one way or the other, however
>> I need to integrate/manage all parts as part of an integrated whole.
>
>>  So, my questions could be reduced to: which exactly are the
>> configuration lines that should be changed in both squid and the
>> browsers on the connected computers or the different browsers in the
>> same computer?
>
> I think this request is (a) a *lot* more complicated than this, and probably
> a lot more complicated than you think it is, and (b) in parts, impossible.

 I am squarely OK with "lots of complication" and as I said, you might
not be able to completely and directly implement all aspects using
squid, but what aspects of that integrated whole do you think are
impossible?

 lbrtchx

