[squid-users] Squid traffic paths

Alex Rousskov rousskov at measurement-factory.com
Tue Aug 27 18:29:24 UTC 2024


On 2024-08-27 14:07, Scott Bates wrote:
> My lab is set up as such:
> Hypervisor host
> Squid VM
> Test VM 1 (Windows)
> Test VM 2 (Windows)
> Test VM 3 (Windows)
> 
> I have my proxies set up in the Squid config. On the test VMs I have the 
> Windows proxy settings pointing to the Squid IP and port. If I check the 
> public IP on that VM it shows up as the proxy IP. And in the proxy logs 
> I see traffic going out.
> 
> The issue I'm having is that some external services are seeing the host's 
> public IP for the test VMs and not the proxy IP.

What protocol do those external services use in problematic use cases? 
Does Squid see the corresponding requests from VMs? Squid can only proxy 
HTTP and FTP...


 > I'm not exactly sure how Squid handles all DNS traffic.

Squid generates DNS queries (if needed) and, naturally, receives DNS 
answers for the queries it generates. Squid does not receive and, hence, 
does not forward/proxy DNS queries. There is no dns_port option in 
squid.conf; only http(s)_port and ftp_port.

 > never_direct allow port3127_acl
 > never_direct allow all

Pick one. The first (more restrictive) rule is not needed if you are 
going to allow all.


HTH,

Alex.


> Squid config:
> # First proxy
> http_port 3127
> acl port3127_acl myport 3127
> cache_peer PROXYIP parent 9229 0 proxy-only no-query no-digest login=USERNAME:PASSWORD
> cache_peer_access PROXYIP allow port3127_acl
> cache_peer_access PROXYIP deny all
> never_direct allow port3127_acl
> never_direct allow all
> http_access allow port3127_acl
> # Deny caching on all proxies (optional)
> cache deny all
> # Default access control
> http_access deny all
> dns_nameservers 127.0.0.1
> forwarded_for off
> request_header_access X-Forwarded-For deny all
> 
> I'm not exactly sure how Squid handles all DNS traffic. I feel like this 
> might be a DNS issue. I tried using Google DNS and the Squid server IP 
> as DNS on the test VMs but same issue.
> I started to mess around with dnsmasq installed on Squid but I'm not 
> sure if I'm going down the right path or not.
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
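
The question raised in the reply, whether Squid sees the corresponding requests from the VMs, can be answered from access.log. The script below is an added example, not part of the original thread or of Squid itself; it assumes Squid's default native log format, and the log lines and VM addresses are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample in Squid's default native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/next-hop type
SAMPLE_LOG = """\
1724781000.123    210 192.168.1.11 TCP_MISS/200 5120 GET http://example.com/ - FIRSTUP_PARENT/203.0.113.10 text/html
1724781001.456    340 192.168.1.11 TCP_TUNNEL/200 8231 CONNECT example.org:443 - FIRSTUP_PARENT/203.0.113.10 -
1724781002.789     95 192.168.1.12 TCP_MISS/200 900 GET http://example.net/ip - HIER_DIRECT/198.51.100.7 text/plain
1724781003.012      0 192.168.1.12 TCP_DENIED/403 3900 GET http://example.net/x - HIER_NONE/- text/html
"""

# Hypothetical addresses for the three test VMs.
TEST_VMS = ["192.168.1.11", "192.168.1.12", "192.168.1.13"]


def classify(hierarchy_field):
    """Map the hierarchy/next-hop field to 'peer', 'direct' or 'not_forwarded'."""
    code = hierarchy_field.split("/", 1)[0]
    if code == "HIER_NONE":
        return "not_forwarded"   # denied or answered by Squid itself
    if code == "HIER_DIRECT":
        return "direct"          # Squid contacted the origin from its own IP
    return "peer"                # any other code: sent to a cache_peer


def summarize(log_text, expected_clients):
    """Count forwarding paths per client and list clients Squid never saw."""
    paths = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue             # not a native-format entry
        paths[fields[2]][classify(fields[8])] += 1
    unseen = [c for c in expected_clients if c not in paths]
    return {c: dict(n) for c, n in paths.items()}, unseen


if __name__ == "__main__":
    per_client, unseen = summarize(SAMPLE_LOG, TEST_VMS)
    for client, counts in sorted(per_client.items()):
        print(client, counts)
    print("no requests logged from:", unseen)
```

A VM in the unseen list, or a destination that never appears for a VM, means that traffic did not pass through Squid at all, so no squid.conf directive can change the address the external service sees for it.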


