-1

Please someone help. I've spent 2 weeks trying to get a proxy script that was always used on a different server with 128 IPs working on the new server with 253 IPs.

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


http_access allow manager localhost
http_access deny manager

# http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
# http_access deny all

http_access allow localnet
http_access allow localhost

# hierarchy_stoplist cgi-bin ?



# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 300 16 256
coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

auth_param basic program /usr/lib/squid3/basic_ncsa_auth

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsa_auth proxy_auth REQUIRED
http_access allow ncsa_auth

# http_port 3000 

http_port 164.163.XXX.2:3000 intercept name=3000
http_port 164.163.XXX.3:3000 intercept name=3001


acl ip1 myportname 3000
acl ip2 myportname 3001

tcp_outgoing_address 164.163.XXX.2 ip1
tcp_outgoing_address 164.163.XXX.3 ip2



forwarded_for off

#request_header_access Allow allow all
#request_header_access Authorization allow all
#request_header_access WWW-Authenticate allow all
#request_header_access Proxy-Authorization allow all
#request_header_access Proxy-Authenticate allow all
#request_header_access Cache-Control allow all
#request_header_access Content-Encoding allow all
#request_header_access Content-Length allow all
#request_header_access Content-Type allow all
#request_header_access Date allow all
#request_header_access Expires allow all
#request_header_access Host allow all
#request_header_access If-Modified-Since allow all
#request_header_access Last-Modified allow all
#request_header_access Location allow all
#request_header_access Pragma allow all
#request_header_access Accept allow all
#request_header_access Accept-Charset allow all
#request_header_access Accept-Encoding allow all
#request_header_access Accept-Language allow all
#request_header_access Content-Language allow all
#request_header_access Mime-Version allow all
#request_header_access Retry-After allow all
#request_header_access Title allow all
#request_header_access Connection allow all
#request_header_access Proxy-Connection allow all
#request_header_access User-Agent allow all
#request_header_access Cookie allow all
#request_header_access All deny all

After a week I got 128 proxies working on squid 3.1 but was told to compile squid 3.5 with the following configure options for 253 proxies to work on the same server:

configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--verbose' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--without-nettle' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' '--enable-ltdl-convenience' 
'CXXFLAGS=-DMAXTCPLISTENPORTS=256'

Can someone please help me because IDK what the proxy script is really doing with:

http_port 164.163.XXX.2:3000 intercept name=3000
http_port 164.163.XXX.3:3000 intercept name=3001

acl ip1 myportname 3000
acl ip2 myportname 3001

tcp_outgoing_address 164.163.XXX.2 ip1
tcp_outgoing_address 164.163.XXX.3 ip2

Right now, on squid 3.5 I can't get any of them to work anymore.

Gerard H. Pille

1 Answer

0

Add

acl localnet src 164.163.0.0/16

with the other acl localnet lines. You did not allow those IPs to use squid.

When I'm reading the following guide: https://askubuntu.com/questions/680246/proxy-server-multiple-ips

I see:

http_port xx.xxx.xxx.111:3128 name=3128
http_port xx.xxx.xxx.112:3129 name=3129
...

and then for each port:

acl tasty3128 myportname 3128 src yy.yyy.yyy.0/24
http_access allow tasty3128
tcp_outgoing_address xx.xxx.xxx.111 tasty3128

acl tasty3129 myportname 3129 src yy.yyy.yyy.0/24
http_access allow tasty3129
tcp_outgoing_address xx.xxx.xxx.112 tasty3129

In your config, I don't see the "http_access allow ...".

Gerard H. Pille
  • That didn't fix it – Cheyenne Hemmati Mar 16 '18 at 03:09
  • Then what happens? What do you see in the logs? – Gerard H. Pille Mar 16 '18 at 04:38
  • It's weird though, it works perfectly in squid 3.1 but it doesn't in 3.5 – Cheyenne Hemmati Mar 16 '18 at 19:00
  • The method you provided works with squid 3.1 to get 128 IPs working. But in squid 3.5 a compile is necessary. Once I compiled I cannot get any IPs to work in 3.5 – Cheyenne Hemmati Mar 16 '18 at 19:08
  • Perhaps you can say it once more that it doesn't work. It may even be true. Can't you start the new squid? Did you stop the old one? WHAT DO YOU SEE IN THE LOGS? (I'm asking very kindly). Do you get an error if you try to use it? – Gerard H. Pille Mar 16 '18 at 19:19
  • Sorry man... which log are you talking about and how do I check? Also, I wasn't able to start squid after the squid 3.5 compile until I installed 3.1 again, and now it's 3.1 that is starting – Cheyenne Hemmati Mar 17 '18 at 21:16
  • The logs in /var/log/squid. Perhaps you built a 64bit squid and your OS is only 32bit? Anyway, if you try to start it there should be an error message or a log. – Gerard H. Pille Mar 17 '18 at 21:22
  • Right now I have both squid 3.5.27 and 3.1 installed, however only 3.1 starts, but when I type cd var/log/squid it says there's no such directory – Cheyenne Hemmati Mar 17 '18 at 22:02
  • You mean /var/log/squid don't you? If it doesn't exist then create it. In your build it says $(localstatedir)/log/squid. What value did you use for localstatedir? It should be writeable by squid user. – Gerard H. Pille Mar 18 '18 at 03:25
  • https://serverfault.com/questions/903620/error-in-squid-log-proxies-failing Here is my error bro. Sorry about before. I'm learning. – Cheyenne Hemmati Mar 20 '18 at 16:01
  • Sorry, but I won't have time tonight to look into this, just want to say that this looks like a firewall problem. I'll be back. – Gerard H. Pille Mar 20 '18 at 16:08
  • Verify your iptables and sysctl.conf : https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat – Gerard H. Pille Mar 21 '18 at 14:38
  • Hi Gerard, thank you, I had gotten all 254 proxies working by verifying iptables and deleting the intercept from the script. But this morning I ran into an issue with maximum file descriptors and all proxies stopped working. Could you please tell me what the maximum number is? Can I set it to 15000 just to not run into this issue again? – Cheyenne Hemmati Mar 24 '18 at 17:17
  • You should verify the nofile limit of the squid user. If you increase it, squid will have to be restarted - reboot the system to be sure. – Gerard H. Pille Mar 24 '18 at 18:49
  • Yep, thanks Gerard. I changed it to 16384. You think that will be fine? – Cheyenne Hemmati Mar 25 '18 at 05:05
  • What I think is that squid itself warns AGAINST opening more ports than necessary. What on earth made you think you knew better? – Gerard H. Pille Mar 25 '18 at 07:34
  • Well, I use a sneaker bot and I've run 4:1 proxies without issues always. And since there's 250 proxies that would be 1000 tasks but they are simple http requests. I read each port on squid runs a max of 3 file descriptors so I guess I would be running about 3000 file descriptors. – Cheyenne Hemmati Mar 25 '18 at 15:52
  • You really don't know a thing about a forward proxy, do you? – Gerard H. Pille Mar 25 '18 at 21:02
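
The per-address pattern discussed in this thread (a named http_port, a myportname acl, an http_access allow and a tcp_outgoing_address for each IP) can be checked mechanically before restarting squid with a few hundred entries. The following is an added example, not code from the question or the answer; the function name lint_port_mapping, the 192.0.2.x sample addresses and the rule that the egress address should equal the listening address are assumptions made for illustration.

```python
# Constructed sample config (RFC 5737 documentation addresses, not the poster's IPs).
SAMPLE = """\
http_port 192.0.2.2:3000 intercept name=3000
http_port 192.0.2.3:3000 name=3001
http_port 192.0.2.4:3000 name=3002
acl ip1 myportname 3000
acl ip2 myportname 3001
http_access allow ip2
tcp_outgoing_address 192.0.2.2 ip1
tcp_outgoing_address 192.0.2.9 ip2
"""

def lint_port_mapping(conf_text):
    """Return sorted (port_name, problem) pairs for every named http_port."""
    ports, acl_of, allowed, egress = {}, {}, set(), {}
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(tok) < 3:
            continue
        if tok[0] == "http_port":
            name = next((t[5:] for t in tok[2:] if t.startswith("name=")), None)
            host = tok[1].rsplit(":", 1)[0].strip("[]") if ":" in tok[1] else None
            if name:
                ports[name] = (host, "intercept" in tok[2:])
        elif tok[0] == "acl" and tok[2] == "myportname":
            for port_name in tok[3:]:
                acl_of[port_name] = tok[1]
        elif tok[0] == "http_access" and tok[1] == "allow":
            allowed.update(tok[2:])
        elif tok[0] == "tcp_outgoing_address":
            for acl in tok[2:]:
                egress[acl] = tok[1]
    findings = []
    for name, (host, intercept) in ports.items():
        if intercept:
            findings.append((name, "intercept mode: expects NAT-redirected traffic"))
        acl = acl_of.get(name)
        if acl is None:
            findings.append((name, "no myportname acl"))
            continue
        if acl not in allowed:
            findings.append((name, "acl not named in any http_access allow"))
        if acl not in egress:
            findings.append((name, "no tcp_outgoing_address for acl"))
        elif host and egress[acl] != host:  # assumption: egress IP == listen IP
            findings.append((name, "egress %s differs from listen %s" % (egress[acl], host)))
    return sorted(findings)

if __name__ == "__main__":
    print(*lint_port_mapping(SAMPLE), sep="\n")
```

A port whose ACL is not named in an http_access allow may still be reachable through a broader rule such as the question's `http_access allow ncsa_auth`; the finding only marks a departure from the one-allow-per-port pattern quoted in the answer.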