want ignore if the ips added to the interface and force running it

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

want ignore if the ips added to the interface and force running it

--Ahmad--
Hello Guys .

sometimes i add like 100 ips on server interfaces then i run squid  including the 100 ips in the config
config  like :

http_port 1.1.1.1:8080
acl ip1 myip 1.1.1.1
tcp_outgoing_address 1.1.1.1 ip1

and its ok ……




now say  the ip 1.1.1.1 wasn’t added to the interface config , when i run squid service ,  i will see error in squid say “cant combined address “ and squid will crash .

so …. what i need to do it is :

i want to force squid to be run even if the ip address not added to the network card .

is there any directive or edit c++ files ?


cheers

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

Amos Jeffries
Administrator
On 11/01/18 19:36, --Ahmad-- wrote:

> Hello Guys .
>
> sometimes i add like 100 ips on server interfaces then i run squid  including the 100 ips in the config
> config  like :
>
> http_port 1.1.1.1:8080
> acl ip1 myip 1.1.1.1
> tcp_outgoing_address 1.1.1.1 ip1
>
> and its ok ……
>
>
>
>
> now say  the ip 1.1.1.1 wasn’t added to the interface config , when i run squid service ,  i will see error in squid say “cant combined address “ and squid will crash .
>
> so …. what i need to do it is :
>
> i want to force squid to be run even if the ip address not added to the network card .
>
> is there any directive or edit c++ files ?


Use wildcard port(s) and a localip ACL. Like so:

  http_port 8080
  acl ip1 localip 1.1.1.1
  tcp_outgoing_address 1.1.1.1 ip1


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

--Ahmad--
must the ip be attached on os interface so that squid use it as outgoing address ?

can squid use outgoing address that not being attached to the interface ?

i tried to outgoing address that not attached but squid gave an error :
2018/01/11 04:42:36 kid1| commBind: Cannot bind socket FD 11622 to [2abc:5ad1:1bc6:bc09:d18a:5fb4:239a:6277]: (99) Cannot assign requested address

whats your thoughts ?


On Jan 11, 2018, at 9:01 AM, Amos Jeffries <[hidden email]> wrote:

localip


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

Amos Jeffries
Administrator
On 11/01/18 21:50, --Ahmad-- wrote:
> must the ip be attached on os interface so that squid use it as outgoing
> address ?
>
> can squid use outgoing address that not being attached to the interface ?
>

No it cannot.

But that is also why the config I suggested works where the one you
attempted does not.

The ACL is what determines whether Squid attempts to bind an IP and it
will never match *until* there is inbound traffic actually arriving with
that local-IP.

So you configure Squid up-front with the IPs you are going to maybe
assign. Then after Squid is running you assign and de-assign as
necessary from that set, no need to reconfigure Squid constantly.



> i tried to outgoing address that not attached but squid gave an error :
> 2018/01/11 04:42:36 kid1| commBind: Cannot bind socket FD 11622 to
> [2abc:5ad1:1bc6:bc09:d18a:5fb4:239a:6277]: (99) Cannot assign requested
> address
>
> whats your thoughts ?

I think the above is not IPv4. So your IPv4 specific settings are not
relevant.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

--Ahmad--
is this squid limitation ?

or

kernel limitation ?



> On Jan 11, 2018, at 12:07 PM, Amos Jeffries <[hidden email]> wrote:
>
> On 11/01/18 21:50, --Ahmad-- wrote:
>> must the ip be attached on os interface so that squid use it as outgoing address ?
>> can squid use outgoing address that not being attached to the interface ?
>
> No it cannot.
>
> But that is also why the config I suggested works where the one you attempted does not.
>
> The ACL is what determines whether Squid attempts to bind an IP and it will never match *until* there is inbound traffic actually arriving with that local-IP.
>
> So you configure Squid up-front with the IPs you are going to maybe assign. Then after Squid is running you assign and de-assign as necessary from that set, no need to reconfigure Squid constantly.
>
>
>
>> i tried to outgoing address that not attached but squid gave an error :
>> 2018/01/11 04:42:36 kid1| commBind: Cannot bind socket FD 11622 to [2abc:5ad1:1bc6:bc09:d18a:5fb4:239a:6277]: (99) Cannot assign requested address
>> whats your thoughts ?
>
> I think the above is not IPv4. So your IPv4 specific settings are not relevant.
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

Matus UHLAR - fantomas
>> On 11/01/18 21:50, --Ahmad-- wrote:
>>> must the ip be attached on os interface so that squid use it as outgoing address ?
>>> can squid use outgoing address that not being attached to the interface ?

>> On Jan 11, 2018, at 12:07 PM, Amos Jeffries <[hidden email]> wrote:
>> No it cannot.

On 11.01.18 12:22, --Ahmad-- wrote:
>is this squid limitation ?
>
>or
>
>kernel limitation ?

what about logical limitation? in order for software to use an IP address,
that address must be configured in the system.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

Antony Stone
On Thursday 11 January 2018 at 13:02:43, Matus UHLAR - fantomas wrote:

> >> On 11/01/18 21:50, --Ahmad-- wrote:
> >>> must the ip be attached on os interface so that squid use it as
> >>> outgoing address ? can squid use outgoing address that not being
> >>> attached to the interface ?
> >>
> >> On Jan 11, 2018, at 12:07 PM, Amos Jeffries <[hidden email]>
> >> wrote: No it cannot.
>
> On 11.01.18 12:22, --Ahmad-- wrote:
> >is this squid limitation ?
> >
> >or
> >
> >kernel limitation ?
>
> what about logical limitation? in order for software to use an IP address,
> that address must be configured in the system.

I'd say it's a networking limitation.  If Squid sends packets from an address
which is not on the server, where will the reply packets end up and what use
are they?


Antony.

--
Atheism is a non-prophet-making organisation.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

Amos Jeffries
Administrator
On 12/01/18 01:08, Antony Stone wrote:

> On Thursday 11 January 2018 at 13:02:43, Matus UHLAR - fantomas wrote:
>
>>>> On 11/01/18 21:50, --Ahmad-- wrote:
>>>>> must the ip be attached on os interface so that squid use it as
>>>>> outgoing address ? can squid use outgoing address that not being
>>>>> attached to the interface ?
>>>>
>>>> On Jan 11, 2018, at 12:07 PM, Amos Jeffries wrote:
>>>> No it cannot.
>>
>> On 11.01.18 12:22, --Ahmad-- wrote:
>>> is this squid limitation ?
>>>
>>> or
>>>
>>> kernel limitation ?
>>
>> what about logical limitation? in order for software to use an IP address,
>> that address must be configured in the system.
>
> I'd say it's a networking limitation.  If Squid sends packets from an address
> which is not on the server, where will the reply packets end up and what use
> are they?
>

Indeed.

So to reply to Ahmad more clearly;

It is a limitation being _enforced_ by your kernel networking system.
But that is only enforcement so don't think you can just patch around
it. Patching around this one will just make you hit other errors
elsewhere with the networking systems.


The only way to send non-assigned IPs from a machine is with mechanisms
like TPROXY. Which places requirements on the *inbound* networking
operates. Those inbound requirements prohibit Squid from being
configured like you are wanting its inbound to operate.


Anyhow, I think we are getting well of track with this. My earlier
suggested config was correct and the only way to reliably do what you
said you wanted. Other problems can still occur, but are not related to
the problem you first posted nor to the config I suggested to make that
requested behaviour happen.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: want ignore if the ips added to the interface and force running it

--Ahmad--
Guys you were great , thanks for all your replies .

you help me so much


cheers

> On Jan 11, 2018, at 2:37 PM, Amos Jeffries <[hidden email]> wrote:
>
> On 12/01/18 01:08, Antony Stone wrote:
>> On Thursday 11 January 2018 at 13:02:43, Matus UHLAR - fantomas wrote:
>>>>> On 11/01/18 21:50, --Ahmad-- wrote:
>>>>>> must the ip be attached on os interface so that squid use it as
>>>>>> outgoing address ? can squid use outgoing address that not being
>>>>>> attached to the interface ?
>>>>>
>>>>> On Jan 11, 2018, at 12:07 PM, Amos Jeffries wrote:
>>>>> No it cannot.
>>>
>>> On 11.01.18 12:22, --Ahmad-- wrote:
>>>> is this squid limitation ?
>>>>
>>>> or
>>>>
>>>> kernel limitation ?
>>>
>>> what about logical limitation? in order for software to use an IP address,
>>> that address must be configured in the system.
>> I'd say it's a networking limitation.  If Squid sends packets from an address
>> which is not on the server, where will the reply packets end up and what use
>> are they?
>
> Indeed.
>
> So to reply to Ahmad more clearly;
>
> It is a limitation being _enforced_ by your kernel networking system. But that is only enforcement so don't think you can just patch around it. Patching around this one will just make you hit other errors elsewhere with the networking systems.
>
>
> The only way to send non-assigned IPs from a machine is with mechanisms like TPROXY. Which places requirements on the *inbound* networking operates. Those inbound requirements prohibit Squid from being configured like you are wanting its inbound to operate.
>
>
> Anyhow, I think we are getting well of track with this. My earlier suggested config was correct and the only way to reliably do what you said you wanted. Other problems can still occur, but are not related to
> the problem you first posted nor to the config I suggested to make that requested behaviour happen.
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users