<html><head>
</head>
<body style="margin-bottom:45px">
<div style="font-size: 10pt; "><p dir="ltr" style="margin-top:0;margin-bottom:0;">For your dynamic ip problem, you could easily write a small bash script to do a scheduled nslookup on a dynamic dns hostname using dyn or no-ip. Write it so that it dumps the output into your firewall rules to keep the ip updated in your firewall rules.</p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><br></p><div id="SignatureBox" dir="ltr" style="margin-top:0;margin-bottom:0;"><p dir="ltr" style="margin-top:0;margin-bottom:0;font-size:9pt;font-style:italic;"> Benjamin E. Nichols</p><p dir="ltr" style="margin-top:0;margin-bottom:0;font-size:9pt;font-style:italic;"><a href="http://www.squidblacklist.org">http://www.squidblacklist.org</a></p><p dir="ltr" style="margin-top:0;margin-bottom:0;font-size:9pt;font-style:italic;"><br></p><p dir="ltr" style="margin-top:0;margin-bottom:0;font-size:9pt;font-style:italic;"><a href="tel:1-405-397-1360">1-405-397-1360</a></p></div></div><div style="font-size: 10pt; "><div id="LGEmailHeader" dir="ltr" style="margin-top:0;margin-bottom:0;"><p dir="ltr" style="margin-top:0;margin-bottom:0;"><br></p><p dir="ltr" style="margin-top:0;margin-bottom:0;">------ Original message------</p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><b>From: </b>Walter H.<walter.h@mathemainzel.info></walter.h@mathemainzel.info></p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><b>Date: </b>Mon, Nov 28, 2016 2:58 AM</p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><b>To: </b>Eliezer Croitoru;</p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><b>Cc: </b><a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>;</p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><b>Subject:</b>Re: [squid-users] Hint for howto wanted ...</p><p dir="ltr" style="margin-top:0;margin-bottom:0;"><br></p></div><pre>On Mon, November 28, 2016 06:56, Eliezer Croitoru wrote:> OK so the next step is:> Routing over tunnel to the other proxy and on it(which has ssl-bump)> <a href="http://intercept.by">intercept.by</a> now only the 3.5.20 squid on the local VM does SSL-bump> If you have a public on the remote proxies which can use ssl-bump then> route the traffic to there using Policy Based routing.how do I configure this?> You can selectively route by source or destination IP <a href="http://addresses.by">addresses.by</a> now the remote has in its iptables to only accept port 3128 from myhome IP (IPv6 and IPv4), but the IPv4 at home changes several times ayear;means it is not fix;>> Now my main question is: Can't you just install 3.5 on the 3.1.23 machine> and bump there?SSL bump and parent proxy together doesn't work,if this worked I wouldn't need the 3.1.23 machine at all ...the 3.1.23 machine has the other 2 proxies (3.4.14-remote and3.5.20-local) as parent ...I should mention that the 3.5.20 box also has ClamAV (SquidClam) whichdoes malware checking ...(the remote proxy can't run ClamAV)> How are you intercepting the connections? What are the iptables rules you> are using?the client have configured the 3.1.23 squid box as proxy> What OS are you running on top of the Squid boxes?all squid boxes run CentOS 6.8Thanks,Walter_______________________________________________squid-users mailing<a href="mailto: listsquid-users@lists.squid-cache.orghtt"> listsquid-users@lists.squid-cache.orghtt</a>p://<a href="http://lists.squid-cache.org/listinfo/squid-users">lists.squid-cache.org/listinfo/squid-users</a></pre></div>
</body></html>