Urkow, Jason wrote:
> Hello,
>
> I am from a school division and we have squid boxes running in each of our schools. We also use the proxies for logging. We have a firewall that does our content filtering, and it filters based on the IP address from the requested IP address (the proxy server). Is it possible to setup a single squid server that has two IP address and have two instances of squid running (one for students and one for teachers). What we want is the filtering for students and teachers to be different based on the IP address of the squid server. what my problem is that if I have students pointing to proxy A (with IP 10.1.1.31) and teachers to proxy B (with IP 10.1.1.32) and proxy B isn't being filtered on our firewall, the students can still get the unfiltered content from proxy B even though they are pointing to proxy A.
>
> I have tried setting the http_port setting to
> Proxy A config file (with eth0 being 10.1.1.31):
> http_port 10.1.1.31:8080
>
> Proxy B config file (with eth1 being 10.1.1.32):
> http_port 10.1.1.32:8081
>
> I have tried some acl configs with the http_access without any success.
>
> There might be a way with iptables, but I do not know how to use it.
>
> Basically how can I get the "Proxy B process" to access the firewall, and still be filtered, without using the Proxy A (10.1.1.31) address?
>
> Any suggestions?
>
> Thanks in advance!
> Jason
>
If you want to run two separate instances of Squid on one box...
http://wiki.squid-cache.org/MultipleInstances
...will get you started.
If you want to run one instance of Squid (with a joint cache), then...
http_port 10.1.1.31:8080
http_port 10.1.1.32:8081
acl TeacherIP 10.1.1.32
tcp_outgoing_address 10.1.1.32 TeacherIP
server_persistent_connections off
...will put all traffic that comes in on 10.1.1.32 out using the same
IP. Persistent server connections can interfere with
tcp_outgoing_address (Squid will not open a second connection using a
different IP to a server where a persistent connection already exists),
so it's best to disable it.
Chris
Received on Fri Feb 20 2009 - 00:14:38 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 12:00:01 MST