hi all,
i've squid-cache v2.5-STABLE10 running on an OSX 10.4.2 box.
currently, squid successfully 'front-ends' Privoxy & Tor, routing all
lan-originated traffic out to the internet via the anonymizing OnionRouter
network.
in effect, i have:
local apps (ip:10.0.0.xx)
      |
      |
 -----------
      |
      | (ip:10.0.0.2)
 |----------------------------|
 | -------------------------- |
 | | Squid                  | |
 | | listen: 10.0.0.2:8888  | |
 | | listen: 127.0.0.1:8888 | |
 | -------------------------- |
 |                            |
 | -------------------------- |
 | | Privoxy                | |
 | | listen: localhost:8118 | |
 | -------------------------- |
 |                            |
 | -------------------------- |
 | | Tor                    | |
 | | listen: localhost:9050 | |
 | -------------------------- |
 |----------------------------|
      | (ip:10.0.0.2)
      |
      | (ip:10.0.0.1)
 |----------------------------|
 | NAT Router                 |
 | iptables |firewall         |
 |----------------------------|
      | (ip:A.B.C.D)
      |
    Onion
    Router
    Network
      |
      |
 public internet
of course, along the way to the above config, i've had squid operating
'standalone' as a 1st step ...
####################################################################
my QUESTION is:
can i have BOTH configs simultaneously available to LAN clients,
based on a user-selectable squid proxy port?
and, if i can, should i be using a single /cache-dir, or multiple?
####################################################################
what i'm looking for (i think ...) is, in effect:
local apps
      |
      |
 |---------------------------|
 | Squid                     |
 |                           |
 | port 8888   | port 7777   |
 |     |       |     |       |
 |  Privoxy    |     |       |
 |     |       |     |       |
 |    Tor      |     |       |
 |     |       |     |       |
 |---------------------------|
      |
 |----------------------------|
 |                            |
 | NAT Router                 |
 | iptables |firewall         |
 |                            |
 |----------------------------|
      |
      |
    Onion
    Router or DIRECT
    Network
      |
      |
 public internet
the relevant parts of squid.conf to make the Squid-->Privoxy(-->Tor)
connection work are:
http_port 10.0.0.10:8888
http_port 127.0.0.1:8888
cache_peer 127.0.0.1 parent 8118 3130 no-query default
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl MY_LAN src 10.0.0.0/255.255.255.0
never_direct allow all
http_access allow localhost
http_access allow MY_LAN
forwarded_for off
now, i'm guessing that to ADD the second set of ports, i'd add:
http_port 10.0.0.10:7777
http_port 127.0.0.1:7777
but i immediately get confused here ...
how do i 'route' the different listener ports' traffic differently?
in particular, whereas the port 8888 traffic MUST avoid the origin servers, and
hit the parent privoxy cache, via:
never_direct allow all
...
cache_peer 127.0.0.1 parent 8118 3130 no-query default
the port 7777 traffic would need a direct connection to the origin servers ...
what's the right approach here? port ACLs? or, am i looking at this all wrong?
thx for any pointers/examples/references! heck, even what to properly google on
would help ...
cheers,
richard
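As an added example (not part of the original post or the Squid project's documentation), this is how the two-port split described above can be expressed in a single squid.conf using the myport ACL type: requests arriving on 8888 are forced through the Privoxy parent and never go direct, requests on 7777 always go direct. It assumes the post's addresses (10.0.0.10 for the LAN listener, Privoxy on 127.0.0.1:8118) and Squid 2.5 syntax; the ACL names TOR_PORT and DIRECT_PORT are made up here.

```conf
# Added example: one Squid instance, two listener ports, routed per port.
# Addresses follow the original post; ACL names are chosen for this example.
http_port 10.0.0.10:8888
http_port 127.0.0.1:8888
http_port 10.0.0.10:7777
http_port 127.0.0.1:7777

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl MY_LAN src 10.0.0.0/255.255.255.0

# 'myport' matches on the Squid port the client connected to
acl TOR_PORT myport 8888
acl DIRECT_PORT myport 7777

# Privoxy (-> Tor) is the only parent; only 8888 traffic may use it
cache_peer 127.0.0.1 parent 8118 3130 no-query default
cache_peer_access 127.0.0.1 allow TOR_PORT
cache_peer_access 127.0.0.1 deny all

# 8888: never contact origin servers directly. If the parent is down,
# Squid returns an error rather than falling back to a direct fetch.
never_direct allow TOR_PORT

# 7777: bypass the parent and fetch from origin servers directly
always_direct allow DIRECT_PORT

http_access allow localhost
http_access allow MY_LAN
http_access deny all
forwarded_for off
```

Both ports share the one cache_dir, so an object fetched via Tor on 8888 can later be served from cache to a client on 7777 and vice versa; if the two paths must be kept apart at the cache level as well, that needs two separate Squid instances rather than two ports.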