[squid-users] many vms behind router to same proxy ips problems !

snakeeyes ahmed.zaeem at netstream.ps
Sat Feb 21 01:37:51 UTC 2015


Hi ,

 

I have Squid already installed with many IPs, and it is configured well with
the tcp_outgoing_address directive.

 

The problem that I face is:

When many PCs behind a router with the same public IP use the proxy IPs.

 

Assume I have 2 pcs

Pc1===> Using proxy ip 1.1.1.1

Pc2===>using proxy 1.1.1.2 

Note that 1.1.1.1 & 1.1.1.2 are just examples, and we assume those IPs
exist on the main Squid server.

 

Pc1 & pc2 ips are 192.168.1.100 & 192.168.1.101 and their public ip is
31.220.243.0

 

 

I go to pc1 and type "whatismyipaddrss.com "  I see 1.1.1.1

 

Then I go to pc2 and type "whatismyipaddrss.com "  I see 2.2.2.2

Now let's go back to pc1 and refresh the page whatismyipaddrss.com ===>
then I see 2.2.2.2, not 1.1.1.1

 

This is my problem.

 

Why do I sometimes, after some refreshes, get the other IP and not the IP I
put in the browser?

 

Could it be because both PCs have the same public IP?

 

 

I tried to put a port for each IP, like 1.1.1.1:1333 and 2.2.2.2:1222 .... but
the same result, the IP keeps changing

 

Also I disabled caching on Squid but no luck.

 

Is that a natural thing ?

 

Or squid can be optimized ?

 

[root at dbmedia ~]# cat /etc/squid/squid.conf

# Lockdown Procedures

# Basic proxy authentication, verified by the ncsa_auth helper against the
# password file /etc/squid/squid_passwd.
# NOTE(review): Basic credentials are only base64-encoded, and the http_port
# lines in this file are plain HTTP listeners, so the username/password travel
# in readable form between client and proxy unless that path is protected by
# other means.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

# Matches any request that carries valid proxy credentials.
acl ncsa_users proxy_auth REQUIRED

# NOTE(review): http_access is evaluated top to bottom and the first matching
# rule decides. Because this allow comes first, an authenticated user is
# accepted before the later "deny manager", "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" rules are ever consulted. If those restrictions are
# meant to apply to authenticated users too, this line belongs after them.
http_access allow ncsa_users 

#

#

# Recommended minimum configuration:

#

# Cache manager requests (cache_object:// scheme).
acl manager proto cache_object

# Requests whose source is the loopback address of the proxy host itself.
acl localhost src 127.0.0.1/32 ::1

# Requests whose destination is loopback or the unspecified address.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

 

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

# NOTE(review): "http_access allow localnet" further down admits every source
# in these ranges without credentials. The clients described in this post
# arrive from a public address, so they would not match localnet and depend on
# the ncsa_users rule instead.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

 

# Destination ports to which CONNECT tunnels are permitted (only 443 here).
acl SSL_ports port 443

# Destination ports the proxy is willing to contact at all.
# NOTE(review): the 1025-65535 entry makes every unprivileged port "safe";
# together with the early "http_access allow ncsa_users" rule, the port
# restrictions built on these ACLs only affect unauthenticated requests.
acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

# Requests using the CONNECT method (tunnels through the proxy).
acl CONNECT method CONNECT

 

#

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost
# NOTE(review): these rules are reached only by requests that did NOT match
# "http_access allow ncsa_users" near the top of this file. As ordered, an
# authenticated remote user is accepted before "deny manager" is evaluated.

http_access allow manager localhost

http_access deny manager

 

# Deny requests to certain unsafe ports
# (not applied to authenticated users, for the same ordering reason)

http_access deny !Safe_ports

 

# Deny CONNECT to other than secure SSL ports
# (not applied to authenticated users, for the same ordering reason; this is
# the rule that normally stops the proxy being used to tunnel to arbitrary
# ports)

http_access deny CONNECT !SSL_ports

 

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user
# NOTE(review): left commented out here, so requests whose destination is the
# proxy host's own loopback address are not refused by this rule.

#http_access deny to_localhost

 

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

 

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed
# These two allows need no credentials: source address alone is sufficient.

http_access allow localnet

http_access allow localhost

 

# And finally deny all other access to this proxy

http_access deny all

 

# Squid normally listens to port 3128
# Three plain-HTTP listeners: port 1111 has no address, so it accepts on every
# local address; the other two are bound to specific addresses (partly
# redacted by the poster).
# NOTE(review): every listener reachable from the Internet is protected only
# by the http_access rules; limiting the permitted client sources at the
# firewall or with a src ACL reduces exposure of the Basic-auth login.

http_port 1111

http_port xxx.27.65:1165

http_port xx.27.68:1168

# We recommend you to use at least the following line.

hierarchy_stoplist cgi-bin ?

 

# Uncomment and adjust the following to add a disk cache directory.

#cache_dir ufs /var/spool/squid 100 16 256

#cache_dir null

# No response is stored in the cache, so a cached page is not the explanation
# for the changing address described in this post.
cache deny all

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid

 

# Add any of your own refresh_pattern entries above these.
# Stock freshness rules; presumably without practical effect while
# "cache deny all" is active.

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

###############################

# Do not disclose the client address in X-Forwarded-For. With "off" Squid
# still emits the header with the value "unknown"; the explicit deny for
# X-Forwarded-For below removes the header altogether.
forwarded_for off

# Header filtering for forwarded requests.
# NOTE(review): the list ends with "All allow all", so every header is passed
# whether or not it is named here. The individual "allow all" lines are
# therefore redundant; the net effect of this section is that only
# X-Forwarded-For and Via are stripped.
request_header_access Allow allow all

request_header_access Authorization allow all

request_header_access WWW-Authenticate allow all

request_header_access Proxy-Authorization allow all

request_header_access Proxy-Authenticate allow all

request_header_access Cache-Control allow all

request_header_access Content-Encoding allow all

request_header_access Content-Length allow all

request_header_access Content-Type allow all

request_header_access Date allow all

request_header_access Expires allow all

request_header_access Host allow all

request_header_access If-Modified-Since allow all

request_header_access Last-Modified allow all

request_header_access Location allow all

request_header_access Pragma allow all

request_header_access Accept allow all

request_header_access Accept-Charset allow all

request_header_access Accept-Encoding allow all

request_header_access Accept-Language allow all

request_header_access Content-Language allow all

request_header_access Mime-Version allow all

request_header_access Retry-After allow all

request_header_access Title allow all

request_header_access Connection allow all

request_header_access Proxy-Connection allow all

request_header_access User-Agent allow all

request_header_access Cookie allow all

# The two headers that would reveal the proxy hop or the client address.
request_header_access X-Forwarded-For deny all

request_header_access Via deny all

# Catch-all: anything not matched above is forwarded unchanged.
request_header_access All allow all

########################################

# Values below were redacted by the poster; the real file presumably has one
# distinct ACL name and address per line. As pasted, the three acl lines share
# one name, and the ACL name used by tcp_outgoing_address ("ipxxx") differs
# from the one defined here ("ipxx").
# "myip" matches the local proxy address that the client connected to.
# NOTE(review): newer Squid releases call this ACL type "localip" - confirm
# against the documentation of the version in use.
acl ipxx myip xx
acl ipxx myip xx
acl ipxx myip xx

 

#######################################

# tcp_outgoing_address <address> <acl>: source address for the outbound
# connection when the ACL matches; lines are tried in order.
# NOTE(review): this selection applies when Squid opens a NEW server
# connection. If an idle persistent connection to the same destination is
# reused, the request may leave from the address that connection was opened
# with, which would match the symptom described. Worth ruling out by testing
# with "server_persistent_connections off" - TODO confirm for 3.1.10.
tcp_outgoing_address xxxx ipxxx

tcp_outgoing_address xxxx ipxxx

 

tcp_outgoing_address xxxx ipxxx

 

tcp_outgoing_address xxxx ipxxx

 

#####################################

 

 

 

 

 

squid -v

Squid Cache: Version 3.1.10

configure options:  '--build=i386-redhat-linux-gnu'
'--host=i386-redhat-linux-gnu' '--target=i686-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--enable-internal-dns'
'--disable-strict-error-checking' '--exec_prefix=/usr'
'--libexecdir=/usr/lib/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-arp-acl'
'--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain
-NTLM,SASL,DB,POP3,squid_radius_auth'
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
'--enable-digest-auth-helpers=password,ldap,eDirectory'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_
group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--with-large-files' '--enable-linux-netfilter'
'--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp'
'--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log'
'--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid'
'--with-filedescriptors=16384' '--with-dl' '--with-openssl'
'--with-pthreads' 'build_alias=i386-redhat-linux-gnu'
'host_alias=i386-redhat-linux-gnu' 'target_alias=i686-redhat-linux-gnu'
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom
-fasynchronous-unwind-tables -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom
-fasynchronous-unwind-tables -fpie'
--with-squid=/builddir/build/BUILD/squid-3.1.10

 

 

cheers
