[squid-users] how 2 setup multiple 'routes' thru squid-cache based on listener port?

From: OpenMacNews <OpenMacNews@dont-contact.us>
Date: Sun, 28 Aug 2005 19:41:50 -0700

hi all,

i've squid-cache v25-STABLE10 running on an OSX 10.4.2 box.

currently, squid successfully 'front-ends' Privoxy & Tor, routing all
lan-originated traffic out to the internet via the anonymizing OnionRouter
network.

in effect, i have:

local apps (ip:10.0.0.xx)
    |
    |
 -----------
           |
           | (ip:10.0.0.2)
|----------------------------|
| -------------------------- |
| |         Squid          | |
| | listen: 10.0.0.2:8888  | |
| | listen: 127.0.0.1:8888 | |
| -------------------------- |
|                            |
| -------------------------- |
| |        Privoxy         | |
| | listen: localhost:8118 | |
| -------------------------- |
|                            |
| -------------------------- |
| |          Tor           | |
| | listen: localhost:9050 | |
| -------------------------- |
|----------------------------|
           | (ip:10.0.0.2)
           |
           | (ip:10.0.0.1)
|----------------------------|
|         NAT Router         |
|     iptables |firewall     |
|----------------------------|
           | (ip:A.B.C.D)
           |
        Onion
        Router
        Network
           |
           |
     public internet

of course, along the way to the above config, i've had squid operating
'standalone' as a 1st step ...

####################################################################
    my QUESTION is:

       can i have BOTH configs simultaneously available to LAN clients,
       based on a user-selectable squid proxy port?

       and, if i can, should i be using a single /cache-dir, or multiple?
####################################################################

what i'm looking for (i think ...) is, in effect:

      local apps
           |
           |
|---------------------------|
|           Squid           |
|                           |
| port 8888   |  port 7777  |
|     |       |             |
|  Privoxy    |             |
|     |       |             |
|    Tor      |             |
|     |       |             |
|---------------------------|
           |
|----------------------------|
|                            |
|         NAT Router         |
|     iptables |firewall     |
|                            |
|----------------------------|
           |
           |
    Onion
    Router or DIRECT
    Network
           |
           |
    public internet

the relevant parts of squid.conf for making the Squid-->Privoxy(-->Tor)
connection work are:

        http_port 10.0.0.10:8888
        http_port 127.0.0.1:8888
        cache_peer 127.0.0.1 parent 8118 3130 no-query default
        
        httpd_accel_port 80
        httpd_accel_host virtual
        httpd_accel_with_proxy on
        httpd_accel_uses_host_header on
        
        acl all src 0.0.0.0/0.0.0.0
        acl localhost src 127.0.0.1/
        acl MY_LAN src 10.0.0.0/255.255.255.0
        
        never_direct allow all
        http_access allow localhost
        http_access allow MY_LAN
        forwarded_for off

now, i'm guessing that to ADD the second ports, i'd add:

        http_port 10.0.0.10:7777
        http_port 127.0.0.1:7777

but i immediately get confused here ...

how do i 'route' the different listener ports' traffic differently?

in particular, whereas the port 8888 traffic MUST avoid the origin servers, and
hit the parent privoxy cache, via:

        never_direct allow all
        ...
        cache_peer 127.0.0.1 parent 8118 3130 no-query default

the port 7777 traffic would need a direct connection to the origin servers ...

what's the right approach here? ports ACLs? or, am i looking at this all wrong?

thx for any pointers/example/references! heck, even what to properly google on
would help ...

cheers,

richard

Received on Sun Aug 28 2005 - 20:41:59 MDT
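
One way to get the per-port routing asked about above, as an added example that is not part of the original message: it uses Squid's `myport` ACL type together with `cache_peer_access`, `never_direct` and `always_direct`. The ACL names `tor_port` and `direct_port` are made up for illustration; the listener addresses and the `cache_peer` line are the ones posted.

```conf
# Added example, not from the original post. ACL names are illustrative.

# Listeners: 8888 = via Privoxy/Tor, 7777 = direct to origin servers.
http_port 10.0.0.10:8888
http_port 127.0.0.1:8888
http_port 10.0.0.10:7777
http_port 127.0.0.1:7777

# Match on the local port the client connected to.
acl tor_port    myport 8888
acl direct_port myport 7777

# Parent line as posted.
cache_peer 127.0.0.1 parent 8118 3130 no-query default

# Only requests that arrived on port 8888 may use the Privoxy parent.
cache_peer_access 127.0.0.1 allow tor_port
cache_peer_access 127.0.0.1 deny all

# Port 8888: never contact origin servers. If Privoxy is unreachable the
# request fails with an error instead of falling back to a direct fetch.
# This replaces the posted "never_direct allow all".
never_direct allow tor_port

# Port 7777: always fetch straight from the origin server.
always_direct allow direct_port
```

Both listeners share the one cache of this Squid instance, so an object fetched directly for a port 7777 client can later be served as a hit to a port 8888 client, and the reverse. Keeping the two paths' cached content apart means running two Squid instances, each with its own cache_dir.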
