Re: [squid-users] changing the outgoing Ip address

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 19 Mar 2009 11:22:19 +1200 (NZST)

> Hi - noob here, I've searched the archives and not been able to find an
> answer so I thought I'd post. Apologies if it's been covered before.
>
> I have a debian squid server on our school's intranet called apollo.
>
> apollo has a parent proxy which we must use to access the internet,
> called proxy.embc.etc.etc. I cannot alter the embc proxy at all.
>
> The embc proxy applies a lower level of filtering for client 10.16.52.13
> only and a higher level for all other IPs (our range is 10.16.52.0 to
> 10.16.54.255)
>
> All our clients are configured to pass through our proxy apollo, I wish
> to set rules up so that staff get the lower level of external filtering
> and the rest get the higher level of filtering.
>
> Currently I am testing this on my own pc acl mark_pc but will change for
> all staff once I get this working.
>
> I have set up an alias ip address on our proxy apollo and added what I
> believe are the following significant lines to squid.conf
>
> acl mark_pc src 10.16.52.33
> tcp_outgoing_address 10.16.52.13 mark_pc
> tcp_outgoing_address 10.16.52.237
> server_persistent_connections off
>

1) check that both IPs 10.16.52.13 and 10.16.52.237 are assigned to an
outgoing interface on the Squid box.
 (done)

2) check that you are using Squid 2.6 or later.

3)
  tcp_outgoing_address 10.16.52.13 mark_pc
  tcp_outgoing_address 10.16.52.237 !mark_pc

> however this hangs and times out my internet connection or slows it down
> significantly. This is immediately fixed if I comment out the line
> #tcp_outgoing_address 10.16.52.13 mark_pc
>
> Can anyone shed light on this problem? Please page down for Conf file
>
> ***** Other tests I've tried. ******
> 1) Setting up a workstation on 10.16.52.13 and setting it to use
> proxy.embc.etc directly - this worked fine.
>
> 2) Connecting to a server running phpinfo beyond both proxies
> this reported the following whether the line was commented or not.
> HTTP_X_FORWARDED_FOR 10.16.52.33, 10.16.52.237
>
> which makes me think that the embc server was not getting the correct IP
> alias at all (10.16.52.13) but the main one for eth0
>
> ************************************************************************************
> ### Output of ifconfig
> apollo:~# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:0E:0C:37:D4:B8
> inet addr:10.16.52.237 Bcast:10.16.255.255 Mask:255.255.252.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:3716779 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3888417 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:2513027641 (2.3 GiB) TX bytes:2760724194 (2.5 GiB)
> Base address:0xde80 Memory:fea80000-feaa0000
>
> eth0:0 Link encap:Ethernet HWaddr 00:0E:0C:37:D4:B8
> inet addr:10.16.52.13 Bcast:10.16.255.255 Mask:255.255.252.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Base address:0xde80 Memory:fea80000-feaa0000
> ************************************************************************************
> ### My squid.conf slightly edited for simplicity
> http_port 3128
> cache_mem 100 MB
> cache_dir ufs /var/spool/squid 500 16 256
>
> logfile_rotate 9
> offline_mode off
> maximum_object_size 102400 KB
> reload_into_ims off
> pipeline_prefetch off
> strip_query_terms off
> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
>
> acl my_network src 10.16.52.0/255.255.252.0
> acl intranet dst 10.16.52.0/255.255.252.0
> acl all src 0.0.0.0/0.0.0.0
> acl SquidGuard_Rules ident REQUIRED
> acl local_network url_regex -i http://apollo* http://www.apollo* http://test.apollo* https://apollo* http://staffnet* http://filtered* http://filtered/ http://thor* http://10.16.5*
> acl mark_pc src 10.16.52.33
> acl notts_lea_intranet url_regex -i http://intra.nottinghamcity.gov.uk*
> acl blocked_domains dstdomain "/etc/squid/acl/blocked_domains.txt"
> acl staff ident fee.m wadsworth.k
>
> http_access allow intranet local_network
> http_access deny !SquidGuard_Rules
> http_access deny banned_users
> http_access deny blocked_domains
> http_access deny !my_network
> http_access allow SquidGuard_Rules
> http_access deny all
> deny_info http://filtered/?rule=noUser SquidGuard_Rules
> deny_info http://apollo/access_denied.php?url=%s blocked_domains
>
>
> cache_peer proxy.embc.org.uk parent 80 80 no-query
> cache_peer_access proxy.embc.org.uk allow !intranet
> cache_peer_domain proxy.embc.org.uk !apollo !apollo:10000 !www.apollo !test.apollo !manning.nottingham.sch.uk !thor !filtered !staffnet !cerberus !athena !athena:8080
> cache_effective_user proxy
> cache_effective_group proxy
> never_direct allow all !intranet !notts_lea_intranet
> always_direct allow notts_lea_intranet !all
> hierarchy_stoplist intra.nottinghamcity.gov.uk
>
> ### If I uncomment out the mark_pc line below,
> ### the internet hangs from my PC
>
> #tcp_outgoing_address 10.16.52.13 mark_pc
> tcp_outgoing_address 10.16.52.237
> server_persistent_connections off
>
>
Received on Wed Mar 18 2009 - 23:22:24 MDT
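
Added example (not part of the original message and not Squid's own code): a Python sketch that checks a squid.conf fragment the way the reply's steps 1 and 3 describe, and reports which source address each client would be sent out on, since the parent proxy keys its filtering level on that address. It models only `src` ACLs and Squid's first-matching-line rule for tcp_outgoing_address; SAMPLE_CONF and LOCAL_ADDRS are constructed from values quoted in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: directives from the thread with the reply's step 3 applied.
SAMPLE_CONF = """\
acl mark_pc src 10.16.52.33
tcp_outgoing_address 10.16.52.13 mark_pc
tcp_outgoing_address 10.16.52.237 !mark_pc
"""
# Addresses shown on eth0 and eth0:0 in the ifconfig output quoted in the thread.
LOCAL_ADDRS = {"10.16.52.237", "10.16.52.13"}


def parse(conf):
    """Return (src_acls, rules); only `src` ACLs are modelled (assumption)."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 2 and tok[0] == "tcp_outgoing_address":
            rules.append((tok[1], tok[2:]))
    return acls, rules


def lint(acls, rules, local_addrs):
    """Flag addresses the box does not own and ACL names that are not defined."""
    problems = []
    for addr, names in rules:
        if addr not in local_addrs:
            problems.append(f"{addr}: not assigned to a local interface")
        for name in names:
            if name.lstrip("!") not in acls:
                problems.append(f"{addr}: ACL {name.lstrip('!')} is not a defined src ACL")
    return problems


def outgoing_for(client, acls, rules):
    """Source address Squid would pick: the first rule whose ACLs all match."""
    ip = ipaddress.ip_address(client)
    for addr, names in rules:
        # A leading "!" negates the ACL; a rule with no ACLs always matches.
        if all(any(ip in n for n in acls[x.lstrip("!")]) != x.startswith("!")
               for x in names):
            return addr
    return None  # no rule matched: the OS picks the source address


if __name__ == "__main__":
    acls, rules = parse(SAMPLE_CONF)
    print(lint(acls, rules, LOCAL_ADDRS))
    for client in ("10.16.52.33", "10.16.52.40"):
        print(client, "->", outgoing_for(client, acls, rules))
```

Run lint() before outgoing_for(): the latter assumes every ACL named on a rule is defined.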
