RE: [squid-users] how 2 setup multiple 'routes' thru squid-cache based on listener port?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 29 Aug 2005 16:05:39 -0800

> -----Original Message-----
> From: OpenMacNews [mailto:OpenMacNews@speakeasy.net]
> Sent: Sunday, August 28, 2005 6:42 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] how 2 setup multiple 'routes' thru squid-cache
> based on listener port?
>
>
> hi all,
>
> i've squid-cache v25-STABLE10 running on an OSX 10.4.2 box.
>
> currently, squid successfully 'front-ends' Privoxy & Tor, routing all
> lan-originated traffic out to the internet via the
> anonymizing OnionRouter
> network.
>
> in effect, i have:
>
> local apps (ip:10.0.0.xx)
> |
> |
> -----------
> |
> | (ip:10.0.0.2)
> |----------------------------|
> | -------------------------- |
> | | Squid | |
> | | listen: 10.0.0.2:8888 | |
> | | listen: 127.0.0.1:8888 | |
> | -------------------------- |
> | |
> | -------------------------- |
> | | Privoxy | |
> | | listen: localhost:8118 | |
> | -------------------------- |
> | |
> | -------------------------- |
> | | Tor | |
> | | listen: localhost:9050 | |
> | -------------------------- |
> |----------------------------|
> | (ip:10.0.0.2)
> |
> | (ip:10.0.0.1)
> |----------------------------|
> | NAT Router |
> | iptables |firewall |
> |----------------------------|
> | (ip:A.B.C.D)
> |
> Onion
> Router
> Network
> |
> |
> public internet
>
>
> of course, along the way to the above config, i've had squid
> operating
> 'standalone' as a 1st step ...
>
> ####################################################################
> my QUESTION is:
>
> can i have BOTH configs simultaneously available to
> LAN clients,
> based on a user-selectable squid proxy port?
>
> and, if i can, should i be using a single /cache-dir,
> or multiple?
> ####################################################################
>
>
> what i'm looking for (i think ...) is, in effect:
>
>
> local apps
> |
> |
> |---------------------------|
> | Squid |
> | |
> | port 8888 | port 7777 |
> | | | |
> | Privoxy | |
> | | | |
> | Tor | |
> | | | |
> |---------------------------|
> |
> |----------------------------|
> | |
> | NAT Router |
> | iptables |firewall |
> | |
> |----------------------------|
> |
> |
> Onion
> Router or DIRECT
> Network
> |
> |
> public internet
>
>
> the relevant parts of squid.conf to making the
> Squid-->Privoxy(-->Tor)
> connection work are:
>
> http_port 10.0.0.10:8888
> http_port 127.0.0.1:8888
> cache_peer 127.0.0.1 parent 8118 3130 no-query default
>
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl MY_LAN src 10.0.0.0/255.255.255.0
>
> never_direct allow all
> http_access allow localhost
> http_access allow MY_LAN
> forwarded_for off
>
>
> now, i'm guessing that to ADD the second ports, i'd add:
>
> http_port 10.0.0.10:7777
> http_port 127.0.0.1:7777
>
> but i immediately get confused here ...
>
> how do i 'route' the different listener ports' traffic differently?
>
> in particular, whereas the port 8888 traffic MUST avoid the
> origin servers, and
> hit the parent privoxy cache, via:
>
> never_direct allow all
> ...
> cache_peer 127.0.0.1 parent 8118 3130 no-query default
>
> the port 7777 traffic would need a direct connection to the
> origin servers ...
>
> what's the right approach here? ports ACLs? or, am i looking
> at this all wrong?
>
> thx for any pointers/example/references! heck, even what to
> properly google on
> would help ...
>
> cheers,
>
> richard
>

Adding something like...

   acl second_inport myport 7777
   always_direct allow second_inport

... above ...

   never_direct allow all

... should allow clients accessing your proxy through port 7777 to not use the privoxy (and therefore the TOR network), while pushing all other traffic through the anonymizing network.

Chris
Received on Mon Aug 29 2005 - 18:05:43 MDT
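The following squid.conf excerpt is an added example, not configuration from either poster. It puts Chris's two lines together with the routing-relevant parts of richard's original config, in the order Chris describes (always_direct before never_direct), and adds an explicit `http_access deny all` so the second listener port gets exactly the same client restrictions as the first. The addresses and ports (10.0.0.10, 8888, 7777, Privoxy on 127.0.0.1:8118) are taken from the thread and are assumptions about this particular setup; the httpd_accel lines are omitted because they do not affect which path a request takes.

```conf
# Added example for Squid 2.5: choose the outbound path by the port the
# client connected to. Assumed addresses/ports follow the thread:
# 10.0.0.10 = LAN-facing interface, 8888 = Tor path, 7777 = direct path,
# Privoxy (which hands off to Tor) at 127.0.0.1:8118.

# Two listener ports; a client selects the path by choosing a port.
http_port 10.0.0.10:8888
http_port 127.0.0.1:8888
http_port 10.0.0.10:7777
http_port 127.0.0.1:7777

# Privoxy is the only parent; 3130 is the (unused) ICP port, no-query
# disables ICP queries, default makes it the fallback parent.
cache_peer 127.0.0.1 parent 8118 3130 no-query default

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl MY_LAN src 10.0.0.0/255.255.255.0

# 'myport' matches the local port the client connected to, not the
# destination port of the requested URL.
acl second_inport myport 7777

# Requests that arrived on 7777 may go straight to the origin server.
always_direct allow second_inport
# Everything else must use the parent (Privoxy -> Tor). If the parent
# is down these requests fail instead of falling back to a direct,
# non-anonymized connection.
never_direct allow all

# Same client restrictions apply to both ports; deny anything else.
http_access allow localhost
http_access allow MY_LAN
http_access deny all

forwarded_for off
```

After reloading Squid, a quick check is to fetch the same URL through each port and confirm in access.log that the 7777 request is logged with a DIRECT hierarchy code and the 8888 request with a PARENT code pointing at 127.0.0.1; a DIRECT entry for an 8888 request means the always_direct/never_direct pair is not doing what was intended.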
