LebGeeks

A community for technology geeks in Lebanon.


#1 June 5 2005

rolf
Member

running multiple instances of squid

OK, I have a squid proxy server for several computers. These computers are classified in 2 groups. One group has restricted access to the internet (no MSN, no kazaa, etc.) and the other group full access. I also want to be able to generate usage statistics for each group independently of the other.

I would like to implement that by having 2 instances of squid running on the same computer, each instance dedicated to one group, and each instance having its own config file and own log file (so that I can generate independent statistics), but both instances sharing the same cache folder (for performance).

I am googling, and have not found anything yet.

Is this possible? Or do you have any other solution to my problem?

Offline

#2 June 5 2005

Sadus
Member

Re: running multiple instances of squid

No need to start 2 squid daemons (if you really want to do that, you have to make sure that squid doesn't use .lock files and change the user and group of the second daemon). Anyhow, why do you want squid or even a proxy server?
If your company is < 20 employees, then no need for squid.
Now if you want to do it in a simple way, just use IPTABLES.
Have each group on separate subnets:

1# 172.16.0.0/255.255.0.0 (in case you still want everybody to see each other, if not use 192.168.0.0/255.255.255.0)
2# 172.16.2.0/255.255.0.0

Now your IPTABLES rules should look like this:

iptables -A INPUT -i eth0 -s 172.16.2.0/16 -p tcp -m multiport ! --destination-ports 20,21,53,80,443 -j DROP #USER

This would block everything other than FTP, HTTP, HTTPS and DNS (notice the "!" before --destination-ports) for all IPs in the 172.16.2.0 network. To use this rule, make sure that the MOD: ip_multiports is loaded.

Now I never worked with stats because I didn't need them; when I do, I'll let you know, but you're most probably searching for MRTG and IP accounting.
You can hack it as much as you want, just google for iptables tutorial or ask here for help.

Offline

#3 June 5 2005

rolf
Member

Re: running multiple instances of squid

Yeah thanks. I have already fixed that. The iptables rules are already there for blocking everything except FTP and email for the office. The HTTP and HTTPS traffic goes through squid.
The motivation behind squid was logging employee activity and restricting usage of MSN and other IM. I found a great report generator here:
http://www.ledge.co.za/software/squint/index.php

There will be 3 groups of users on the server:
1- office users (about 15 PCs)
2- home users (4 PCs)
3- Internet cafe in the future (10 PCs?)

The problem I had with my old report generator was to generate usage reports only for the office users.
The new squint thing is much more flexible in filtering hosts for the reports. You can use regular expressions, so no need for separate squid log files anymore.

Offline
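
Per-group usage figures from a single shared squid log, the approach the post above settles on (an added example, not part of the original thread and not squint's code). It assumes squid's native access.log format and hypothetical group subnets, and matches clients by subnet rather than by regular expression.

```python
import ipaddress
from collections import defaultdict

# Assumed group-to-subnet mapping (hypothetical; the thread gives no addresses).
GROUPS = {
    "office": ipaddress.ip_network("192.168.1.0/24"),
    "home": ipaddress.ip_network("192.168.2.0/24"),
}

# Constructed sample lines in squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1117958400.101    245 192.168.1.10 TCP_MISS/200 4312 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1117958402.007    310 192.168.2.5 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1117958403.550      3 192.168.1.11 TCP_DENIED/403 1200 GET http://messenger.example.net/ - NONE/- text/html
this line is truncated
1117958404.900     90 10.0.0.7 TCP_MISS/200 700 GET http://example.com/ - DIRECT/192.0.2.10 text/html
"""

def group_of(client):
    """Return the group name for a client IP, or 'unassigned'."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return "unassigned"  # a hostname was logged instead of an IP
    for name, net in GROUPS.items():
        if addr in net:
            return name
    return "unassigned"

def usage_by_group(log_text):
    """Sum requests, bytes and denied requests per group from one shared log."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0})
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[4].isdigit():
            skipped += 1  # malformed or truncated line, count it instead of crashing
            continue
        entry = stats[group_of(fields[2])]
        entry["requests"] += 1
        entry["bytes"] += int(fields[4])
        entry["denied"] += fields[3].startswith("TCP_DENIED")
    return dict(stats), skipped

if __name__ == "__main__":
    report, skipped = usage_by_group(SAMPLE_LOG)
    print(report, "skipped:", skipped)
```

Clients outside every configured subnet land in "unassigned", which makes hosts missing from the group mapping visible in the report.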

#4 June 5 2005

rolf
Member

Re: running multiple instances of squid

just google for iptables tutorial or ask here for help

I already know iptables inside out (that is from the user, not developer perspective), but thanks anyway!

Offline
