On Thursday, June 02, 2011 01:03:06 AM Amos Jeffries wrote:
> On 02/06/11 19:41, errno wrote:
> > Just to confirm:
> >
> > If I have multiple ip aliases assigned to the same physical nic, will
> > there still be port conflicts on an ip (aliased) based multi-instanced
> > squid server?
>
> There is rarely a need for the combo of IP aliasing + Squid.
>
You know, maybe this just now actually clicked in my brain...
So, let's say that we did have a few different aliased IPs (on different
subnets):
For example:
eth0 -> 192.196.0.2
eth0:1 -> 192.196.1.2
eth0:2 -> 192.196.2.2
eth0:3 -> 192.168.3.2
Rather than setting up, say, 4 separate instances of squid - one per subnet -
I'm thinking why not just set up 1 single instance (say, on 192.196.0.2), then
just use iptables to redirect any traffic hitting the other IPs (192.196.1.2
through 192.168.3.2) to the 192.196.0.2? Then the single squid.conf would
be configured (somehow) to use the appropriate tcp_outgoing_address(?),
or something?
Something like:
incoming request to 192.196.2.2:80 ->
iptables passes it to 192.196.0.2:80 ->
squid receives request on 192.196.0.2, but dispatches back out 192.196.2.2
???
Something along those lines?
Or can I achieve the same effect w/o iptables - by just supplying multiple
ip:ports to http_port ? The primary concern is that if a request to squid
comes in on one particular address, that squid will ensure that this
request leaves squid with the same tcp_outgoing_address - which is
why we were (naively?) using multiple separate instances... each
instance had:
include /etc/squid/squid_common.conf
access_log /var/log/squid/access_192.168.0.2.log squid
auth_param basic program /usr/libexec/squid/ncsa_auth /etc/squid/passwd
http_port 192.168.0.2:8002
tcp_outgoing_address 192.168.0.2
pid_filename /var/run/squid_192.168.0.2.pid
visible_hostname 192.168.0.2
Thanks for helping to clear my confusion and possible derive a much
simpler and easier to maintain squid service; and huge thanks to
Amos for the incredible amount of time and assistance he offers on
this list!
Received on Fri Jun 03 2011 - 18:26:48 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 04 2011 - 12:00:01 MDT