Hi, how do I cancel this mailing list?
Thanks

----- Original Message -----
From: "Amos Jeffries" <squ...@treenet.co.nz>
To: <squid-users@squid-cache.org>
Sent: Wednesday, October 24, 2012 8:35 AM
Subject: Re: [squid-users] Squid 3.1 Client Source Port Identity Awareness

> On 24.10.2012 07:55, Alexander.Eck wrote:
>> Hi everyone,
>>
>> is it possible to have squid use the same Source Port to connect to
>> the Web server as the client uses to connect to squid ?
>>
>
> No. One gets errors when bind() is used on an already open port.
> connect() and sendto() do not supply the OS with IP:port details.
>
>
>>
>> My problem is the following setup:
>>
>> Various Citrix Server
>> URL Filtering with Identity Awareness
>> Squid 3.1 as Cache Proxy
>>
>> I had to install a Terminal Server Identity Agent on every Citrix
>> Server to distinguish the users.
>>
>> The Identity Agent assigns port ranges to every user, to distinguish
>> them.
>>
>>
>> Problem is:
>> In my firewall logs I can see the identity of the user for the
>> request from the citrix server to the proxy (proxy is in the dmz).
>> But I can't see the identity from the request from the proxy to the
>> Internet.
>>
>> My guess is, that this is because squid isn't using the same Source
>> Port as the client, or is not forwarding the Source Port.
>
> "client" also does not mean what you think it means. Squid is a client
> in HTTP and can generate new or different requests along with those
> aggregated from its inbound clients.
>
> HTTP/1.1 is also stateless with multiplexing and pipelines. Any
> outgoing connection can be shared by requests received between multiple
> inbound client connections. There is no relationship between inbound and
> outbound - adding a stateful relationship (pinning) degrades performance
> a LOT.
>
> How does your fancy client identification system correlate them
> cheeses?
>
> PS: the TCP/IP firewall level is not a good place to log HTTP level
> client details.
>
>>
>> Did anybody try something similar and got it working ? Is squid
>> capable of doing this or do I have an error in reasoning about my
>> setup ?
>>
>> Any help is appreciated :)
>
>
> Amos
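
Added example, not part of the thread: a loopback sketch in Python of two points from the quoted reply, that bind() on a port that is already open fails, and that the proxy's outbound connection gets an OS-chosen source port unrelated to the client's. The port range, the function names and the three local sockets standing in for client, proxy and web server are constructed for illustration; everything runs on 127.0.0.1, which is why the client's port counts as already open.

```python
import errno
import socket
import threading

USER_PORTS = range(20000, 20100)  # constructed: range an identity agent might give one user

def bind_in_range(ports):
    """Bind a client socket to the first free source port in the user's range."""
    for port in ports:
        s = socket.socket()
        try:
            s.bind(("127.0.0.1", port))
            return s
        except OSError:
            s.close()
    raise RuntimeError("no free port in range")

def run_demo():
    """Return (client_port, port_seen_by_origin, errno_from_reusing_client_port)."""
    origin = socket.create_server(("127.0.0.1", 0))  # stands in for the web server
    proxy = socket.create_server(("127.0.0.1", 0))   # stands in for the proxy
    result = {}

    def origin_side():
        conn, peer = origin.accept()
        result["seen_by_origin"] = peer[1]  # what a log behind the proxy records
        conn.close()

    def proxy_side():
        inbound, peer = proxy.accept()
        probe = socket.socket()
        try:  # try to take over the client's source port for the outbound leg
            probe.bind(("127.0.0.1", peer[1]))
            result["bind_errno"] = 0
        except OSError as exc:
            result["bind_errno"] = exc.errno
        probe.close()
        outbound = socket.create_connection(origin.getsockname())  # OS picks the port
        outbound.close()
        inbound.close()

    threads = [threading.Thread(target=f) for f in (origin_side, proxy_side)]
    for t in threads:
        t.start()
    client = bind_in_range(USER_PORTS)
    client.connect(proxy.getsockname())
    for t in threads:
        t.join()
    client_port = client.getsockname()[1]
    for s in (client, origin, proxy):
        s.close()
    return client_port, result["seen_by_origin"], result["bind_errno"]
```

The port recorded on the origin side is the proxy's ephemeral port, so a per-user port range assigned on the terminal server carries no meaning on the proxy-to-Internet leg.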