[squid-users] tcp_outgoing_address and X-Forwarded-For

From: Abu Khaled <khaled.abu@dont-contact.us>
Date: Fri, 3 Jun 2005 08:40:09 +0300

I am using squid and dansguardian on the same FreeBSD 5.4 server.
Dansguardian -> Squid -> Internet

Squid is configured with the x-forwarded-for patch and the ACLs work fine,
as I can see in the delay pools. However, this is not the case with
tcp_outgoing_address: squid does not follow the X-Forwarded-For.

If anyone is interested, I was testing the performance of a PIII with
550MHz, 128MB RAM, 40 GB IDE-HDD. A friend of mine who is in the ISP
business wanted to see how many clients we are able to support with
such a heavily-loaded server. The server performed very well with
FreeBSD and Squid; then we added Dansguardian with little loss in
performance.
Squid was tested with 100+ clients (IPs) with delay pools then we
switched to intercepting mode and Dansguardian did well in
intercepting the request while squid's delay pools managed the
bandwidth. Then my friend had this crazy idea about making our proxy
"invisible" to the inside/outside world. So after following Henrik
Nordstrom's advice I configured squid to deny use tcp_outgoing_address
assigned to private IPs, then we NATed those to the 100+ client IPs.
After configuring the server with a virtual interface (using netgraph
on FreeBSD) and adding 100+ aliases (the private IPs to be NATed to
the REAL ones), I restarted the server.
Dansguardian intercepted the requests but IPNAT showed nothing. I
stopped Dansguardian and switched squid to intercepting mode and
everything was fine. Squid used the private IPs as
tcp_outgoing_addresses and IPNAT NATed them back to REAL IPs.
Dansguardian has nothing to do with the problem as I mentioned earlier
since with it running in front of squid the delay pools follow the
X-Forwarded-For quite well.

PS: I wish my English teacher would see this post and admit that I
deserved more than a 'C'. Oh well High School is 12 years behind me
now.

-- 
Kind regards
Abu Khaled
Received on Thu Jun 02 2005 - 23:40:55 MDT