Re: [squid-users] SQUID - Using random IP's

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 16 Sep 2009 10:00:04 -0800

Vapourmike wrote:
> Hi,
>
> So assuming this then, I could potentially change the IP address on an
> hourly basis? do you have an example ACL rule I could use that would change
> the IP based upon time? Im a complete beginner at SQUID and thus I havnt
> even setup the IP's (if I have to), I literally installed via YUM and
> changed a few settings (such as forward_for and via). so in short ...
>
> Do I need to declare the IP's? and do you have an example ACL?
>

First have a look at the FAQ section on ACLs...

http://wiki.squid-cache.org/SquidFaq/SquidAcl

...especially the part dealing with time-based access...

http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-ef469ed90b785ebb496c66523bb69030e0b7c906

...and finally the tcp_outgoing_address directive...

http://www.squid-cache.org/Doc/config/tcp_outgoing_address/

Just be aware, even though HTTP is stateless, there are any number of
sites and applications that use cookies to track a "session" and do not
play nice when that "session" changes source IP in the middle of the
transaction. You might want to use a combination of dstdom_regex and
tcp_outgoing_address (all domains starting with "a" go through the first
IP, all domains starting with "b" go through the second, etc.), or use a
src ACL to send each client out a specific IP. Otherwise, have your
clients pick an IP to connect to at random (using a proxy.pac or DNS
round robin) and base the tcp_outgoing_address on a myip ACL.

> Thanks
> Mike
>
> P.S Thanks for the swift reply, appreciated

Chris
Received on Wed Sep 16 2009 - 18:00:15 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 17 2009 - 12:00:02 MDT