ip addresses

From: Cliff Green <green@dont-contact.us>
Date: Mon, 3 Apr 2000 10:14:36 -0400 (EDT)

Hello, all.

We've just recently begun running squid (2.3.STABLE1) in order to proxy
off-campus requests for journal articles. This can't be an unusual task,
and I was hoping someone else has already run into and solved the problem
I've currently been beached on.

First, along with the usual acl's defined, we've added the following:

# this is to lockout oncampus use of the proxy with a manual config
acl our_hosts src aaa.bbb.0.0/255.255.0.0
# the next one is the host squid is running
acl this_host src aaa.bbb.ccc.ddd.eee/255.255.255.255
acl password proxy_auth REQUIRED

Then, after the default http_access lines, we've added:

http_access allow password
http_access deny all

Pretty standard so far.

We're using ncsa_auth against a passwd-like file (our tacacs accounts
file):
authenticate_program /products/squid/bin/ncsa_auth /etc/xtacpasswd

This works for most users (why it fails for others is another mystery...)

We also use a .pac file which 1) checks if the user is oncampus, then
returns DIRECT, 2) is trying to go to one of our proxied sites, then
returns "PROXY ourhost:ourport", then 3) if anything else, returns
"DIRECT".

The problem is that squid is apparently passing both its own IP address as
well as the IP of the personal machine that is being used. This pretty
much kills the utility of the proxy for us, as we will never know all the
addresses our users are dialing in from, and can only use something like
ncsa_auth to assure only our users are going through the proxy.

I've trawled through the FAQ, the User's Guide, the last few months of the
list archives, and skimmed through much (okay, not all) of what I could
search on the Net, and haven't figured out why this is happening, and what
I've clearly done wrong.

Do I just misunderstand what squid can and can't be used for, or have I
just missed something obvious?

How do we strip off the local PC's IP address and only pass the proxy's
address to our destinations?

c 

-- 
Clifford Green               Internet -  green@umdnj.edu
Academic Computing Services     voice -     732-235-5250
UMDNJ-IST                         fax -     732-235-5252
Received on Mon Apr 03 2000 - 08:18:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:38 MST