Re: [squid-users] Reconfiguring Squid every few seconds
Hey Roee, If Tiny-proxy works for you then it’s great. All The Bests, Eliezer * There are many ways to offer the same solution however the best solution is what works for you.. Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: roee klinger Sent: Monday, March 21, 2022 02:34 To: Squid Users ; Eliezer Croitoru Subject: Re: [squid-users] Reconfiguring Squid every few seconds Thank you everyone for your advice. As far as I can tell, there is no graceful and easy way to do it in Squid out of the box, I will have to use namespaces + virtual interfaces or mark outgoing traffic from Squid, I am currently looking into these 2 solutions that you suggested, I will implement them and update here how it goes after testing. However, for now as much as I love Squid I need a fast and easy solution, so I decided to use Tiny-proxy transparent proxy instead, where I can simply run the service 40 times in parallel since it is so light. Then, if there is a reboot of the modem, I can simply restart the specific service I need, without effecting the other services and users. Of course, this only works if you have a really simple configuration, for example like my case: traffic from port 8001 -> out from modem1 traffic from port 8002 -> out from modem2 ... ... I will update shortly when I find a Squid solution, Roee On 20 Mar 2022, 14:33 +0200, Eliezer Croitoru mailto:ngtech1...@gmail.com> >, wrote: To give some perspective you can see the next example: https://github.com/elico/mwan-nft-lb-example but you need to learn first how network namespaces works in linux. You will probably need to run squid in it’s own namespace which will be managed from the “main” or “root” namespace. It will probably be similar to a management interface and virtual routers on products like Palo Alto. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: Eliezer Croitoru mailto:ngtech1...@gmail.com> > Sent: Sunday, March 20, 2022 00:20 To: 'Squid Users' mailto:squid-users@lists.squid-cache.org> > Subject: RE: [squid-users] Reconfiguring Squid every few seconds Hey Roee, The best solution for you case is to use a network namespace Router between the squid instance to the actual modem interface. You can attach each modem to a network namespace and leave squid to do it’s thing with a static IP address. All The Bests, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: squid-users mailto:squid-users-boun...@lists.squid-cache.org> > On Behalf Of roee klinger Sent: Saturday, March 19, 2022 02:48 To: Squid Users mailto:squid-users@lists.squid-cache.org> > Subject: [squid-users] Reconfiguring Squid every few seconds Hello, I have a server with multiple 4G modems with Squid running on it, the 4G modems get an internal private IP that is dynamic (unfortunately this can't be changed), I set up Squid to use the interfaces as follows: tcp_outgoing_address The configuration works well and everything works great, however, whenever I restart one of the modems (I have many, and I restart them a lot), I get a new internal private IP, and I need to reconfigure Squid, this means that I will be running "squid -k reconfigure" multiple times a minute. Will this have a bad effect on Squid and traffic (I understand this does not cause Squid to restart)? What is my alternative? Thanks, Roee ___ squid-users mailing list squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Reconfiguring Squid every few seconds
Thank you everyone for your advice. As far as I can tell, there is no graceful and easy way to do it in Squid out of the box, I will have to use namespaces + virtual interfaces or mark outgoing traffic from Squid, I am currently looking into these 2 solutions that you suggested, I will implement them and update here how it goes after testing. However, for now as much as I love Squid I need a fast and easy solution, so I decided to use Tiny-proxy transparent proxy instead, where I can simply run the service 40 times in parallel since it is so light. Then, if there is a reboot of the modem, I can simply restart the specific service I need, without effecting the other services and users. Of course, this only works if you have a really simple configuration, for example like my case: traffic from port 8001 -> out from modem1 traffic from port 8002 -> out from modem2 ... ... I will update shortly when I find a Squid solution, Roee On 20 Mar 2022, 14:33 +0200, Eliezer Croitoru , wrote: > To give some perspective you can see the next example: > https://github.com/elico/mwan-nft-lb-example > > but you need to learn first how network namespaces works in linux. > You will probably need to run squid in it’s own namespace which will be > managed from the “main” or “root” namespace. > It will probably be similar to a management interface and virtual routers on > products like Palo Alto. > > Eliezer > > > Eliezer Croitoru > NgTech, Tech Support > Mobile: +972-5-28704261 > Email: ngtech1...@gmail.com > > From: Eliezer Croitoru > Sent: Sunday, March 20, 2022 00:20 > To: 'Squid Users' > Subject: RE: [squid-users] Reconfiguring Squid every few seconds > > Hey Roee, > > The best solution for you case is to use a network namespace Router between > the squid instance to the actual modem interface. > You can attach each modem to a network namespace and leave squid to do it’s > thing with a static IP address. > > All The Bests, > Eliezer > > > Eliezer Croitoru > NgTech, Tech Support > Mobile: +972-5-28704261 > Email: ngtech1...@gmail.com > > From: squid-users On Behalf Of > roee klinger > Sent: Saturday, March 19, 2022 02:48 > To: Squid Users > Subject: [squid-users] Reconfiguring Squid every few seconds > > Hello, > > I have a server with multiple 4G modems with Squid running on it, the 4G > modems get an internal private IP that is dynamic (unfortunately this can't > be changed), > > I set up Squid to use the interfaces as follows: > > tcp_outgoing_address > > > The configuration works well and everything works great, however, whenever I > restart one of the modems (I have many, and I restart them a lot), I get a > new internal private IP, and I need to reconfigure Squid, this means that I > will be running "squid -k reconfigure" multiple times a minute. > > Will this have a bad effect on Squid and traffic (I understand this does not > cause Squid to restart)? What is my alternative? > > Thanks, > Roee > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Reconfiguring Squid every few seconds
To give some perspective you can see the next example: https://github.com/elico/mwan-nft-lb-example but you need to learn first how network namespaces works in linux. You will probably need to run squid in it’s own namespace which will be managed from the “main” or “root” namespace. It will probably be similar to a management interface and virtual routers on products like Palo Alto. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: Eliezer Croitoru Sent: Sunday, March 20, 2022 00:20 To: 'Squid Users' Subject: RE: [squid-users] Reconfiguring Squid every few seconds Hey Roee, The best solution for you case is to use a network namespace Router between the squid instance to the actual modem interface. You can attach each modem to a network namespace and leave squid to do it’s thing with a static IP address. All The Bests, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: squid-users mailto:squid-users-boun...@lists.squid-cache.org> > On Behalf Of roee klinger Sent: Saturday, March 19, 2022 02:48 To: Squid Users mailto:squid-users@lists.squid-cache.org> > Subject: [squid-users] Reconfiguring Squid every few seconds Hello, I have a server with multiple 4G modems with Squid running on it, the 4G modems get an internal private IP that is dynamic (unfortunately this can't be changed), I set up Squid to use the interfaces as follows: tcp_outgoing_address The configuration works well and everything works great, however, whenever I restart one of the modems (I have many, and I restart them a lot), I get a new internal private IP, and I need to reconfigure Squid, this means that I will be running "squid -k reconfigure" multiple times a minute. Will this have a bad effect on Squid and traffic (I understand this does not cause Squid to restart)? What is my alternative? Thanks, Roee ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Reconfiguring Squid every few seconds
I once patched squid to use the local address of an incoming socket as the local address of the outgoing connection, instead of having 2k tcp_outgoing_address directives in my configuration. Perhaps something like this can be done here as well? вс, 20 мар. 2022 г. в 07:54, Amos Jeffries : > > On 19/03/22 13:48, roee klinger wrote: > > Hello, > > > > I have a server with multiple 4G modems with Squid running on it, the 4G > > modems get an internal private IP that is dynamic (unfortunately this > > can't be changed), > > > > I set up Squid to use the interfaces as follows: > > > > tcp_outgoing_address > > > > The configuration works well and everything works great, however, > > whenever I restart one of the modems (I have many, and I restart them a > > lot), I get a new internal private IP, and I need to reconfigure Squid, > > this means that I will be running "squid -k reconfigure" multiple times > > a minute. > > > > Will this have a bad effect on Squid and traffic (I understand this does > > not cause Squid to restart)? What is my alternative? > > > > Alternative is to **not** configure Squid with a static IP. > > You could use an outgoing TOS or NFMARK from Squid. The OS networking > rules can select routes based on that. > > OR, if the src-IP has to change based on the modem being used. You could > use the TOS/MARK in src-NAT rules before route selection - those being > the point reconfigured instead of Squid. > > Amos > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -- HisShadow ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Reconfiguring Squid every few seconds
On 19/03/22 13:48, roee klinger wrote: Hello, I have a server with multiple 4G modems with Squid running on it, the 4G modems get an internal private IP that is dynamic (unfortunately this can't be changed), I set up Squid to use the interfaces as follows: tcp_outgoing_address The configuration works well and everything works great, however, whenever I restart one of the modems (I have many, and I restart them a lot), I get a new internal private IP, and I need to reconfigure Squid, this means that I will be running "squid -k reconfigure" multiple times a minute. Will this have a bad effect on Squid and traffic (I understand this does not cause Squid to restart)? What is my alternative? Alternative is to **not** configure Squid with a static IP. You could use an outgoing TOS or NFMARK from Squid. The OS networking rules can select routes based on that. OR, if the src-IP has to change based on the modem being used. You could use the TOS/MARK in src-NAT rules before route selection - those being the point reconfigured instead of Squid. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Reconfiguring Squid every few seconds
Hey Roee, The best solution for you case is to use a network namespace Router between the squid instance to the actual modem interface. You can attach each modem to a network namespace and leave squid to do it’s thing with a static IP address. All The Bests, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: <mailto:ngtech1...@gmail.com> ngtech1...@gmail.com From: squid-users On Behalf Of roee klinger Sent: Saturday, March 19, 2022 02:48 To: Squid Users Subject: [squid-users] Reconfiguring Squid every few seconds Hello, I have a server with multiple 4G modems with Squid running on it, the 4G modems get an internal private IP that is dynamic (unfortunately this can't be changed), I set up Squid to use the interfaces as follows: tcp_outgoing_address The configuration works well and everything works great, however, whenever I restart one of the modems (I have many, and I restart them a lot), I get a new internal private IP, and I need to reconfigure Squid, this means that I will be running "squid -k reconfigure" multiple times a minute. Will this have a bad effect on Squid and traffic (I understand this does not cause Squid to restart)? What is my alternative? Thanks, Roee ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Reconfiguring Squid every few seconds
On 3/18/22 20:48, roee klinger wrote: I set up Squid to use the interfaces as follows: tcp_outgoing_address I will be running "squid -k reconfigure" multiple times a minute. Will this have a bad effect on Squid and traffic? Yes, it will. Squid reconfiguration is a fairly heavy, disruptive event. FWIW, we are working on a smooth reconfiguration project that removes most of the negative side effects of reconfiguration. What is my alternative? There are probably some routing solutions external to Squid, but I cannot recommend any specific one. If you are looking for a Squid-specific solution, then hacking Squid sources to do what you want (without reconfiguration) feels like a viable short-term workaround. I also see two long-term solutions: * Smooth reconfiguration: We have an ongoing project that makes Squid reconfigure just the changed configuration directives, without disrupting traffic. We can modify Squid to add the tcp_outgoing_address directive to the list of options that support smooth reconfiguration. * Dynamic routing: Modify Squid to select the outgoing IP address based on dynamically computed addresses. The address configuration strings can be supplied by an external ACL helper or an adaptation service implementing your custom IP detection logic, including loading the new IP address from a file. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Reconfiguring Squid every few seconds
Hello, I have a server with multiple 4G modems with Squid running on it, the 4G modems get an internal private IP that is dynamic (unfortunately this can't be changed), I set up Squid to use the interfaces as follows: tcp_outgoing_address The configuration works well and everything works great, however, whenever I restart one of the modems (I have many, and I restart them a lot), I get a new internal private IP, and I need to reconfigure Squid, this means that I will be running "squid -k reconfigure" multiple times a minute. Will this have a bad effect on Squid and traffic (I understand this does not cause Squid to restart)? What is my alternative? Thanks, Roee ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
