[squid-users] https_port Listen on different IP

Amos Jeffries squid3 at treenet.co.nz
Sat Oct 20 04:10:01 UTC 2018


On 20/10/18 6:04 AM, Alex Rousskov wrote:
> On 10/19/2018 01:10 AM, houheming wrote:
>> https_port 443 ...
>> https_port 180.97.33.107:443 ...
>> https_port 180.97.33.108:443 ...
> 
> I am not sure, but perhaps the first https_port line (the one without an
> explicit IP address) should come _last_ so that Squid can listen on the
> addresses that remain after 180.97.33.107 and 180.97.33.108 are taken by
> the other two ports?

I think that is what was meant by "If I switch line1 with line2 and
line3 ..., then only line2 and line3 will get its chance to work, line1
will not work. "

The problem is that TCP does not permit any IP:port combination to have
two simultaneous listening sockets with different parameters. These
configuration lines differ in both address and protocol they are receiving.


houheming:
 you have to use different ports to receive the traffic into Squid.

Since you are using TPROXY there is no requirement for the proxy
listening port to be 443. Squid can listen on any port you want.

This problem should disappear if you set the wildcard port to another
number and update the TPROXY rule which is sending traffic to it.

Amos


More information about the squid-users mailing list