Urkow, Jason wrote:
Hello,

I am from a school division and we have squid boxes running in each of our 
schools. We also use the proxies for logging. We have a firewall that does our 
content filtering, and it filters based on the IP address from the requested IP 
address (the proxy server). Is it possible to set up a single squid server that 
has two IP addresses and have two instances of squid running (one for students 
and one for teachers)? What we want is the filtering for students and teachers 
to be different based on the IP address of the squid server. My problem is 
that if I have students pointing to proxy A (with IP 10.1.1.31) and teachers to 
proxy B (with IP 10.1.1.32) and proxy B isn't being filtered on our firewall, 
the students can still get the unfiltered content from proxy B even though they 
are pointing to proxy A.

I have tried setting the http_port setting to:
Proxy A config file (with eth0 being 10.1.1.31):
http_port 10.1.1.31:8080

Proxy B config file (with eth1 being 10.1.1.32):
http_port 10.1.1.32:8081

I have tried some acl configs with the http_access without any success.

There might be a way with iptables, but I do not know how to use it.

Basically, how can I get the "Proxy B process" to access the firewall, and still be filtered, without using the Proxy A (10.1.1.31) address? Any suggestions?

Thanks in advance!
Jason

If you want to run two separate instances of Squid on one box...

http://wiki.squid-cache.org/MultipleInstances

...will get you started.

If you want to run one instance of Squid (with a joint cache), then...

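# One listener per local address
http_port 10.1.1.31:8080
http_port 10.1.1.32:8081
# Match on the local IP the client connected to (type "myip"; named "localip" in newer Squid releases)
acl TeacherIP myip 10.1.1.32
# Requests that arrived on 10.1.1.32 leave from 10.1.1.32
tcp_outgoing_address 10.1.1.32 TeacherIP
# Do not reuse server connections opened from the other address
server_persistent_connections off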

...will put all traffic that comes in on 10.1.1.32 out using the same IP. Persistent server connections can interfere with tcp_outgoing_address (Squid will not open a second connection using a different IP to a server where a persistent connection already exists), so it's best to disable it.

Chris
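
The single-instance configuration above decides which address traffic leaves from, but not who may connect to the 10.1.1.32 listener. The following squid.conf fragment is an added example, not part of the original thread: it pairs the listener ACLs with source-address ACLs so that only teacher machines can use the teacher port. It assumes teacher workstations sit in their own address range; the SchoolNet and TeacherNet ranges and the StudentIP ACL name are placeholders invented for the example.

```conf
# Added example. SchoolNet/TeacherNet ranges are assumed placeholders.
http_port 10.1.1.31:8080
http_port 10.1.1.32:8081

# Which local address the client connected to
# (type "myip"; newer Squid releases call it "localip").
acl StudentIP myip 10.1.1.31
acl TeacherIP myip 10.1.1.32

# Who the client is (assumed subnets, replace with the real ones).
acl SchoolNet  src 10.1.0.0/16
acl TeacherNet src 10.1.20.0/24

# Weak form: any school client that can reach 10.1.1.32:8081
# is sent out through the teacher address.
# http_access allow SchoolNet

# Corrected form: the teacher listener only serves teacher hosts.
http_access deny  TeacherIP !TeacherNet
http_access allow TeacherIP TeacherNet
http_access allow StudentIP SchoolNet
http_access deny  all

# Egress address follows the listener the request arrived on.
tcp_outgoing_address 10.1.1.31 StudentIP
tcp_outgoing_address 10.1.1.32 TeacherIP
server_persistent_connections off
```

Run `squid -k parse` against the edited file before reloading, and confirm in access.log that a student-range client receives TCP_DENIED on port 8081.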

