[sdnog] configure outgoing configuration based on incoming ports

Patrick Okui pokui at psg.com
Wed Jun 29 15:20:47 SAST 2016


On 29 Jun 2016, at 16:02 EAT, Samir S. Omer wrote:

> Hi Patrick
>
> So the port binding and forwarding will be done by squid without the 
> need for IP masquerading or Port forwarding configuration on the 
> firewall?


I do not understand what you mean by this.

I assume you’ve used the 
[http_port](http://www.squid-cache.org/Doc/config/http_port/) to make 
squid listen on multiple ports.

So basically you would have

	http_port 8081
	http_port 8082


This means squid will accept incoming connections to any IP on the local 
machine on ports 8081 and 8082.

If alternatively you want to make squid bind to a particular IP on the 
local machine in addition to the port then you need (for example)

	http_port 192.168.1.1:8081
	http_port 192.168.1.2:8082

This means that on the IP 192.168.1.2 nothing is listening on port 8081 
- only 8082 and vice versa on the IP 192.168.1.1.

However, to _use_ the squid running on those ports someone has to edit 
the proxy options in their browser (or operating system). You can also 
set up authentication for each port separately so someone needs the 
right password for the right port.

If you want squid to be transparent to the end user, you need to 
redirect the HTTP traffic as it goes out of your network to come to your 
squid on requisite ports. This is called transparent proxying (or 
interception proxying by Trouble and friends). This requires work on a 
device in the path between the user and the internet. Typically a 
firewall or a router. In that case you need MASQ, or redirect rules or 
an ACL or ….

Again, it’d help to know what exactly you’re trying to achieve.

--
patrick
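
Added example, not part of the original message: a small Python check that parses `http_port` lines and reports which local address and port pairs squid would accept connections on, showing the difference between a bare port and an `IP:port` binding described above. The sample config is constructed; the wildcard port 3128 and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample: the two bound listeners from the message plus one
# wildcard listener (port 3128 is an assumption, not from the thread).
SAMPLE_CONF = """\
http_port 3128
http_port 192.168.1.1:8081
http_port 192.168.1.2:8082
"""

def parse_http_ports(conf_text):
    """Return (host_or_None, port, options) for every http_port line."""
    listeners = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "http_port":
            continue
        host, sep, port = fields[1].rpartition(":")
        # No colon means a bare port: squid binds it on every local address.
        host = (host.strip("[]") or None) if sep else None
        listeners.append((host, int(port), fields[2:]))
    return listeners

def same_addr(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:  # a hostname was configured; compare as text
        return a.lower() == b.lower()

def is_listening(listeners, ip, port):
    """True if a connection to ip:port would reach one of the listeners."""
    return any(p == port and (h is None or same_addr(h, ip))
               for h, p, _ in listeners)

def wildcard_ports(listeners):
    """Ports reachable on all interfaces, the ones to cover with firewall rules."""
    return sorted(p for h, p, _ in listeners if h is None)

if __name__ == "__main__":
    ls = parse_http_ports(SAMPLE_CONF)
    for ip in ("192.168.1.1", "192.168.1.2"):
        for port in (3128, 8081, 8082):
            print(ip, port, "listening" if is_listening(ls, ip, port) else "closed")
    print("wildcard ports:", wildcard_ports(ls))
```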