Re: [squid-users] multiple outgoing addresses in tcp_outgoing_address per ACL

From: AntiProxy <Admin@dont-contact.us>
Date: 11 Dec 2002 10:16:12 +0400

On Tue, 2002-12-10 at 20:30, Henrik Nordstrom wrote:
> As you probably have noticed this is not something supported by Squid
> out of the box.
>
> To have this you need to extend Squid with the functionality of randomly
> assigning IP addresses to clients.
>
> Things you need to consider before starting implementing such thing is
>
> How to select address:
>
> a) Should the address be assigned randomly per request
> b) or sticky per client, making the same client use the same address
> for all request.

'a' sounds easier to implement.. but harder to manage, especially in the
case of abuse.

i can go with 'b', a script could randomly pick an IP from the pool and
assing it to a client,
so whenever a client logs in with his username and password, his
outgoing interface would be the assinged IP.

>
> If 'b'. What defines a "client".
>
> 'b' is probably strongly preferred due to the amount of dumb web
> applications out on the net who fails to understand that users may come
> from multiple different IP addresses during the same session..

i agree..

>
> If you can implement this yourself, or need help from others in doing
> the actual implementation within Squid.

i'll see what i can do about this..
but i'm not gonna put my hopes up .)

>
>
> Finding the correct spots where to add this based on the where the
> existing tcp_outgoing_address directive is implemented should not be too
> hard I think, provided the information you need for identifying a
> "client" is readily available there.

currently, a client is identified throughout the entire session by their
username. i think thats all we need

>
> Regards
> Henrik

thanks Henrik.. i almost gave up on this, till you showed up
Regards,

AntiProxy

>
>
> tor 2002-11-28 klockan 12.08 skrev AntiProxy:
> > *bump*
> >
> > On Sun, 2002-11-03 at 16:22, AntiProxy wrote:
> > > hi everyone
> > >
> > > i have a rather uncommon setup/plan, as i intend to do outgoing tcp
> > > address selection (multiple outgoing IPs) based on matching ACLs, which
> > > is pretty straight-forward if i was to use the basic functionality of
> > > the tcp_outgoing_address configuration directive, where only one IP
> > > could be used as an outgoing address per tag.
> > >
> > > but what i need to do is specify an IP pool of multiple IPs per ACL (
> > > total of 3 ACLs ) e.g:
> > >
> > > tcp_outgoing_address 10.0.0.1-10.0.0.10 ACL1
> > > tcp_outgoing_address 10.0.0.11-10.0.0.20 ACL2
> > >
> > > so clients matching ACL1 would have a random outgoing IP ( per
> > > connection ) in the range of 10.0.0.1-10.0.0.10 .
> > >
> > > can anyone think of a solution?
> > > any help would be greatly appreciated
> > >
> > >
> > > regards,
> > >
> > > AntiProxy
> > --
> > AntiProxy <Admin@AntiProxy.Com>

-- 
AntiProxy <Admin@AntiProxy.Com>
Received on Tue Dec 10 2002 - 23:16:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:02 MST