Re: squid.conf (udp_incoming/outgoing_address)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 28 Feb 1998 02:18:08 +0100

You don't need to configure any of them.

The primary use is if you want to run more than one Squid on the same
host (on different IP addresses).

A secondary use (althougt not recommended) is if you want to shield off
your Squid by forcing it to only listen on a internal interface.

The comments on udp_xxx_address is a bit misleading. If
udp_incoming_address is set then the same address is used as outgoing,
unless udp_outgoind_address is set.

Simplest configuration:
None of them set

Shielded configuration (assuming your OS shields the internal interface)
tcp_incoming_address 10.1.1.41
udp_incoming_address 10.1.1.41
udp_outgoing_address 195.x.xxx.xxx
If you have external siblings (caches fetching cache hits from you) then
you can't use this to shield Squid.

Recommendation for shielding: Use a firewall instead of telling Squid
which interfaces to use. Binding Squid to a internal interface is NOT a
reliable security measure on many OS:es.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Fri Feb 27 1998 - 17:35:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:02 MST