Hello,
I have a network namespace which runs a WireGuard VPN (only).
```
❯ ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none
```
I'd like to run squid inside this network namespace. I normally do this
using a systemd unit, for example for tinyproxy:
```
❯ systemctl cat tinyproxy
# /usr/lib/systemd/system/tinyproxy.service
[Unit]
Description=Tinyproxy Web Proxy Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/tinyproxy -c /etc/tinyproxy/tinyproxy.conf
ExecReload=/usr/bin/kill -USR1 $MAINPID
PIDFile=/run/tinyproxy/tinyproxy.pid
PrivateDevices=yes
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/tinyproxy.service.d/override.conf
[Service]
NetworkNamespacePath=/run/netns/vpn
BindReadOnlyPaths=/etc/netns/vpn/resolv.conf:/etc/resolv.conf:norbind
[Unit]
After=vpn.service
BindsTo=vpn.service
```
But if I do the same with the systemd unit of squid, it doesn't work. The
proxy process still runs within the standard namespace (if I curl using the
proxy, the IP is the one of the standard namespace).
Anyone got any ideas?
--
rdb.is
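
A way to check directly which network namespace each process of a service ended up in, instead of inferring it from the exit IP. This is an added example, not part of the original post; the helper names `netns_id`, `same_netns` and `check_pids` are hypothetical. It assumes a `stat` that supports `-L -c` (GNU coreutils or BusyBox) and enough privilege (normally root) to read other users' `/proc/<pid>/ns/net`.

```shell
#!/bin/sh
# Added diagnostic example: compare a process's network namespace with a
# named namespace handle such as /run/netns/vpn (path taken from the post).

# Print "device:inode" of a namespace handle. Two handles refer to the same
# namespace exactly when both numbers match.
netns_id() {
    stat -L -c '%d:%i' "$1" 2>/dev/null
}

# same_netns PID NSPATH
# Returns 0 if PID lives in the namespace bound at NSPATH, 1 if it does not,
# and 2 if either handle cannot be read (missing path, no permission).
same_netns() {
    want=$(netns_id "$2") || return 2
    have=$(netns_id "/proc/$1/ns/net") || return 2
    [ "$want" = "$have" ]
}

# check_pids NSPATH PID...
# Reports every PID and returns non-zero if any of them is outside NSPATH.
# A service may run several processes, so each one is checked separately.
check_pids() {
    nspath=$1
    shift
    bad=0
    for pid in "$@"; do
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        if same_netns "$pid" "$nspath"; then
            echo "pid $pid ($name): inside $nspath"
        else
            echo "pid $pid ($name): NOT inside $nspath"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Stand-alone use, e.g.:  sh check-netns.sh /run/netns/vpn $(pgrep -x squid)
if [ "$#" -ge 2 ]; then
    check_pids "$@"
fi
```

Running it against the PIDs of the working tinyproxy unit and of the squid unit shows whether the override was applied to every process each unit started.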