[squid-users] tcp_outgoing_address working on Windows machine but not on Ubuntu
On my Windows machine I can successfully connect to interface 1 and have the connections go out from interface 2 using "tcp_outgoing_address", but this does not work on my Linux Ubuntu machine. Anyone else notice this and know the reason and solution for this? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] tcp_outgoing_address working on Windows machine but not on Ubuntu
That's right, I'm using the IP address of the interface for tcp_outgoing_address. I want to be using tcp_outgoing_address based on the port number of the incoming connection. Would that be possible by using Linux routing? -Original Message- From: Matus UHLAR - fantomas To: squid-users Sent: Fri, Jun 15, 2018 3:01 am Subject: Re: [squid-users] tcp_outgoing_address working on Windows machine but not on Ubuntu On 15.06.18 01:05, davidjesse...@aol.com wrote:>On my Windows machine I can successfully connect to interface 1 and have> the connections go out from interface 2 using "tcp_outgoing_address", but> this does not work on my Linux Ubuntu machine. Anyone else notice this> and know the reason and solution for this?do those connections come from IP address defined in tcp_outgoing_address?tcp_outgoing_address does not define interface but an address. The interfaceis tken from kernel routing table.you must apparently configure routing in order to get what you want.-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/Warning: I wish NOT to receive e-mail advertising to this address.Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.Enter any 12-digit prime number to continue.___squid-users mailing listsquid-users@lists.squid-cache.orghttp://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] tcp_outgoing_address working on Windows machine but not on Ubuntu
That's right, I'm using the IP address of the interface for tcp_outgoing_address. I want to be using tcp_outgoing_address based on the port number of the incoming connection. Would that be possible by using Linux routing? -Original Message- From: Matus UHLAR - fantomas To: squid-users Sent: Fri, Jun 15, 2018 3:01 am Subject: Re: [squid-users] tcp_outgoing_address working on Windows machine but not on Ubuntu On 15.06.18 01:05, davidjesse...@aol.com wrote:>On my Windows machine I can successfully connect to interface 1 and have> the connections go out from interface 2 using "tcp_outgoing_address", but> this does not work on my Linux Ubuntu machine. Anyone else notice this> and know the reason and solution for this?do those connections come from IP address defined in tcp_outgoing_address?tcp_outgoing_address does not define interface but an address. The interfaceis tken from kernel routing table.you must apparently configure routing in order to get what you want.-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/Warning: I wish NOT to receive e-mail advertising to this address.Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.Enter any 12-digit prime number to continue.___squid-users mailing listsquid-users@lists.squid-cache.orghttp://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] iptables setup for tcp_outgoing_address
I have two network interfaces on my machine. I'm trying to setup incoming through the enp1s0's IP address and if the connection comes from port 11000 then I want squid to use wlx74da388c32c7's IP address. IPs on my machine root@poweredge:/var/log/squid# ip addr show 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp1s0: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:1e:4f:cd:c1:5f brd ff:ff:ff:ff:ff:ff inet 192.168.1.212/24 brd 192.168.1.255 scope global enp1s0 valid_lft forever preferred_lft forever inet6 fe80::21e:4fff:fecd:c15f/64 scope link valid_lft forever preferred_lft forever 3: wlx74da388c32c7: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 74:da:38:8c:32:c7 brd ff:ff:ff:ff:ff:ff inet 172.16.11.107/24 brd 172.16.11.255 scope global dynamic noprefixroute wlx74da388c32c7 valid_lft 3531sec preferred_lft 3531sec inet6 fe80::4e86:c190:1e45:4722/64 scope link noprefixroute valid_lft forever preferred_lft forever I want to connect to Squid proxy using the 192.168.1.212 and if I am connecting using port 11000, I want squid to have the traffic go out of the 172.16.11.107 IP Below is the relevant part of my squid.conf http_port 11000 name=port_11000 acl port_11000_acl myportname port_11000 tcp_outgoing_address 172.16.11.107 port_11000_acl >From what I have read the above configuration should be enough for Squid, but >on Linux machines, I also need to use iptables. I have never used IP tables. What would I need to do with iptables to make this work? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] iptables setup for tcp_outgoing_address
I just tried the same configuration on my Windows machine and it works fine. Must be some Linux networking getting in the way. I tried a few things, if I use another interface's IP address for tcp_outgoing_address on my Linux machine then web pages don't load. If I use the same IP as I connect to Squid then it works. But on Windows, I can connect to one ip and have an IP of another interface for tcp_outgoing_address and the outgoing traffic works as expected -Original Message- From: Alex Rousskov To: davidjesse091 ; squid-users Sent: Fri, Jun 15, 2018 7:01 pm Subject: Re: [squid-users] iptables setup for tcp_outgoing_address On 06/15/2018 04:42 PM, davidjesse...@aol.com wrote: > I want to connect to Squid proxy using 192.168.1.212 and if I am > connecting using port 11000, I assume you meant "connecting to port 11000" (there is also the client source port, but it should not matter here). > I want squid to have the traffic go out of the 172.16.11.107 IP > http_port 11000 name=port_11000 > acl port_11000_acl myportname port_11000 > tcp_outgoing_address 172.16.11.107 port_11000_acl Looks good to me, provided all your outgoing traffic goes to IPv4 addresses (no IPv6). > What would I need to do with iptables to make this work? Why do you think you need iptables? What does not work if you do not use IP tables? Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] iptables setup for tcp_outgoing_address
I tried curl --interface 172.16.11.107 http://www.example.com yesterday and it worked fine, but now it looks like it does not work. Just hangs forever. So there is an issue there for sure. I will try to find out why it's not working. -Original Message- From: Alex Rousskov To: davidjesse091 ; squid-users Sent: Fri, Jun 15, 2018 11:43 pm Subject: Re: [squid-users] iptables setup for tcp_outgoing_address On 06/15/2018 05:12 PM, davidjesse...@aol.com wrote: > if I use another interface's IP address > for tcp_outgoing_address on my Linux machine then web pages don't load. Does using "another interface" IP address work with curl or wget executed on the Squid Linux box? curl --interface 172.16.11.107 http://www.example.com wget --bind-address=172.16.11.107 http://www.example.com Alex. > -Original Message- > From: Alex Rousskov > To: davidjesse091 ; squid-users > > Sent: Fri, Jun 15, 2018 7:01 pm > Subject: Re: [squid-users] iptables setup for tcp_outgoing_address > > On 06/15/2018 04:42 PM, davidjesse...@aol.com > <mailto:davidjesse...@aol.com> wrote: > >> I want to connect to Squid proxy using 192.168.1.212 and if I am >> connecting using port 11000, > > I assume you meant "connecting to port 11000" (there is also the client > source port, but it should not matter here). > > >> I want squid to have the traffic go out of the 172.16.11.107 IP > > >> http_port 11000 name=port_11000 >> acl port_11000_acl myportname port_11000 >> tcp_outgoing_address 172.16.11.107 port_11000_acl > > Looks good to me, provided all your outgoing traffic goes to IPv4 > addresses (no IPv6). > > >> What would I need to do with iptables to make this work? > > Why do you think you need iptables? What does not work if you do not use > IP tables? > > > Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] iptables setup for tcp_outgoing_address
I found out how to solve this issue. The answer lies here https://serverfault.com/questions/487891/cant-ping-multihomed-linux-machine-on-non-default-interface -Original Message- From: Alex Rousskov To: davidjesse091 ; squid-users Sent: Fri, Jun 15, 2018 11:43 pm Subject: Re: [squid-users] iptables setup for tcp_outgoing_address On 06/15/2018 05:12 PM, davidjesse...@aol.com wrote: > if I use another interface's IP address > for tcp_outgoing_address on my Linux machine then web pages don't load. Does using "another interface" IP address work with curl or wget executed on the Squid Linux box? curl --interface 172.16.11.107 http://www.example.com wget --bind-address=172.16.11.107 http://www.example.com Alex. > -Original Message- > From: Alex Rousskov > To: davidjesse091 ; squid-users > > Sent: Fri, Jun 15, 2018 7:01 pm > Subject: Re: [squid-users] iptables setup for tcp_outgoing_address > > On 06/15/2018 04:42 PM, davidjesse...@aol.com > <mailto:davidjesse...@aol.com> wrote: > >> I want to connect to Squid proxy using 192.168.1.212 and if I am >> connecting using port 11000, > > I assume you meant "connecting to port 11000" (there is also the client > source port, but it should not matter here). > > >> I want squid to have the traffic go out of the 172.16.11.107 IP > > >> http_port 11000 name=port_11000 >> acl port_11000_acl myportname port_11000 >> tcp_outgoing_address 172.16.11.107 port_11000_acl > > Looks good to me, provided all your outgoing traffic goes to IPv4 > addresses (no IPv6). > > >> What would I need to do with iptables to make this work? > > Why do you think you need iptables? What does not work if you do not use > IP tables? > > > Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Forward to SOCKS proxy?
Can Squid be used to convert incoming HTTP proxy requests to a SOCKS server? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Squid IPv4:port to IPv6
I'm trying to connect to Squid with one IPv4 IP and based on the port I'm connecting with, I want Squid to use a different IPv6 IP for the connection. Below is my config file acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localhost #http_access deny all http_port 3128 coredump_dir /var/spool/squid refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # Allow all machines to all sites http_access allow all #Privacy Things via off forwarded_for off follow_x_forwarded_for deny all ## designate acl based on inbound connection name acl user1 myportname 3128 acl user2 myportname 3129 acl user3 myportname 3130 acl user4 myportname 3131 acl user5 myportname 3132 ## define outgoing IPv6 per user tcp_outgoing_address 2000:3c03:e000:25f::1:0 user1 tcp_outgoing_address 2000:3c03:e000:25f::1:1 user2 tcp_outgoing_address 2000:3c03:e000:25f::1:2 user3 tcp_outgoing_address 2000:3c03:e000:25f::1:3 user4 tcp_outgoing_address 2000:3c03:e000:25f::1:4 user5 The issue I'm facing is that I can only use the proxy with port 3128, and it does proxy it to "2000:3c03:e000:25f::1:0" as it should. But if I use port 3129 then I can not connect to the proxy. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
