[squid-users] Issues with Squid Listening on 254 IP Addresses

Alexis DAVEAU alexis.daveau44 at gmail.com
Mon Sep 30 13:08:53 UTC 2024


Hello,

I need Squid to handle multiple IP addresses (more than 128), each bound to
port 3128, with different users authenticated and assigned to specific IP
addresses for outgoing traffic. However, I’ve encountered a limitation on
the number of IP addresses/ports that Squid can listen on.


Example configuration:

http_port 192.168.1.1:3128
http_port 192.168.1.2:3128
[...]
http_port 192.168.1.254:3128

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid_Proxy
auth_param basic casesensitive off
shutdown_lifetime 1 seconds

acl user1 proxy_auth user1
acl user2 proxy_auth user2
[...]
acl user254 proxy_auth user254

acl ip_192_168_1_1 localip 192.168.1.1
acl ip_192_168_1_2 localip 192.168.1.2
[...]
acl ip_192_168_1_254 localip 192.168.1.254

tcp_outgoing_address 192.168.1.1 user1
tcp_outgoing_address 192.168.1.2 user2
[...]
tcp_outgoing_address 192.168.1.254 user254

http_access allow user1 ip_192_168_1_1
http_access allow user2 ip_192_168_1_2
[...]
http_access allow user254 ip_192_168_1_254

http_access deny all


Compilation Attempts:
Recompiling using dpkg-buildpackage with the CXXFLAGS:

sudo apt-get build-dep squid
apt-get source squid
cd squid-*
export CXXFLAGS="-DMAXTCPLISTENPORTS=254"
dpkg-buildpackage -us -uc
sudo dpkg -i ../squid_5.2-1ubuntu4_amd64.deb ../squid-common_5.2-1ubuntu4_all.deb

However, when I run squid -v, the CXXFLAGS="-DMAXTCPLISTENPORTS=254" flag
does not appear in the compiled version. This makes me question if the
custom flag is even applied.

Compiling manually with make:

wget http://www.squid-cache.org/Versions/v5/squid-5.2.tar.gz
tar -xzf squid-5.2.tar.gz
cd squid-5.2
export CXXFLAGS="-DMAXTCPLISTENPORTS=254"
./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib/squid \
--datadir=/usr/share/squid \
--sysconfdir=/etc/squid --with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--enable-ssl --enable-ssl-crtd --enable-auth --enable-cache-digests \
--enable-removal-policies="lru,heap" --enable-follow-x-forwarded-for
make
sudo make install

But again, after running squid -v, the custom flag doesn't appear, and the
limit for the number of listening IP addresses is still in place.

I’ve tested with various versions of Squid, ranging from 4.8 to 5.9, but
none of them seem to apply the custom flag for increasing the number of
listening addresses/ports.

Questions:

How can I confirm that Squid is applying the MAXTCPLISTENPORTS value? Is
there a way to force Squid to recognize this parameter?

Is there an alternative method to configure Squid to handle 254 IP
addresses without recompiling? Am I missing a critical step in the build
process?

Do you have any recommendations to optimize the configuration for managing
an entire /24 prefix with 254 addresses?

Any advice or suggestions would be greatly appreciated! I’ve done extensive
research on the issue, but I haven’t found a solution yet.

Thanks in advance for your help!

Best regards,
Alexis
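
An added example, not part of the original post or of Squid: a small linter for a configuration of the shape shown above, checking that each authenticated user enters and leaves on the same address and counting the http_port lines against a limit. The function name audit, the sample configuration and the default limit of 128 (taken from the post's "more than 128") are assumptions.

```python
from collections import Counter

# Constructed sample in the post's shape; user3 is deliberately mis-pinned.
SAMPLE_CONF = """\
http_port 192.168.1.1:3128
http_port 192.168.1.2:3128
http_port 192.168.1.3:3128
acl user1 proxy_auth user1
acl user2 proxy_auth user2
acl user3 proxy_auth user3
acl ip_192_168_1_1 localip 192.168.1.1
acl ip_192_168_1_2 localip 192.168.1.2
acl ip_192_168_1_3 localip 192.168.1.3
tcp_outgoing_address 192.168.1.1 user1
tcp_outgoing_address 192.168.1.2 user2
tcp_outgoing_address 192.168.1.2 user3
http_access allow user1 ip_192_168_1_1
http_access allow user2 ip_192_168_1_2
http_access allow user3 ip_192_168_1_3
http_access deny all
"""

def audit(conf, port_limit=128):
    """Return findings for a one-user-per-address squid.conf.
    port_limit=128 is an assumption taken from the post's 'more than 128'."""
    ports, local_ip, egress, allows, findings = [], {}, {}, [], []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "http_port" and len(tok) >= 2:
            ports.append(tok[1].rsplit(":", 1)[0])
        elif tok[0] == "acl" and len(tok) >= 4 and tok[2] == "localip":
            local_ip[tok[1]] = tok[3]
        elif tok[0] == "tcp_outgoing_address" and len(tok) == 3:
            egress.setdefault(tok[2], tok[1])  # first matching line is used
        elif tok[:2] == ["http_access", "allow"] and len(tok) == 4:
            allows.append((tok[2], tok[3]))
    if len(ports) > port_limit:
        findings.append(f"{len(ports)} http_port lines exceed limit {port_limit}")
    for user, ip_acl in allows:
        ingress, out = local_ip.get(ip_acl), egress.get(user)
        if ingress not in ports:
            findings.append(f"{user}: {ip_acl} has no matching http_port")
        if out != ingress:
            findings.append(f"{user}: enters on {ingress}, leaves via {out}")
    findings += [f"{a}: outgoing address shared by {n} users"
                 for a, n in Counter(egress.values()).items() if n > 1]
    return findings
```

Running audit(SAMPLE_CONF) reports the user3 mismatch and the shared outgoing address; a full 254-address file additionally reports the http_port count against the assumed limit.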