Tuesday, 25 October 2011

Set Squid Proxy Outgoing IP

last week had me working on setting up a squid proxy server with multiple IPs/domains. the plan was to have squid route outgoing traffic through as many IPs as the server carries. the server only has one physical interface. the rest of the IPs are tied to it via aliases or a virtual interface. you can easily do this with the following command:

ifconfig ethX:Y <IP_ADDRESS>
where X is the number of your physical ethernet device, and Y is the (arbitrary) number designated for the virtual interface. you could also add the broadcast and netmask addresses on the same line. so it would look something like this:
ifconfig eth0:1 192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0
for testing, a minimal configuration had the proxy running in no time. it would listen on 2 IPs for incoming HTTP requests on different ports. supposedly it should also route requests out through the same IP where they were received. it didn’t. popular web services for knowing your IP (ipchicken.com, whatismyip.com, whatismyip.org) were used and somehow the IP that came out was the main server IP. by “main server IP,” i mean the 1st IP bound to the network interface, or i would say the primary address. (look it up with ifconfig ethX, where ethX is the interface facing the Internet, of course, as you might have one that is only for your LAN). so if it were listening for incoming requests on 192.168.0.10:3128 (IP:port), i wanted it to go out the same way via 192.168.0.10. instead it was going out via, for example, 192.168.0.1 or the primary server IP.
after ‘Googling’ with no luck, i sought advice from the experts of 4 Linux forums. at least on 3 of the forums, they were quick to say that “new outbound connections would normally default to the primary server IP,” or “the one where the route goes out.” and that was that. this is true, i guess. but my question wasn’t really answered.
looking up on google again, this time carefully reading the returned results, i found out that you could actually tell it to use the IP of your choice for outgoing traffic. (yeah, i overlooked that portion in the manual where it would’ve been obvious had i looked hard enough)
the key to this is tcp_outgoing_address. this is how it’s done as explained:
create an ACL for the incoming source network or just specific IP(s):
acl my_network src 192.168.1.0/255.255.255.0
then use tcp_outgoing_address to specify which IP the incoming request should go out from (of course, you have to own the IP):
tcp_outgoing_address <OUTGOING_IP_YOU_WANT> <ACL_NAME>, or, with no ACL, for all requests:
tcp_outgoing_address 192.168.0.1
NOTE: the IPs used here are private IPs and are only used as examples. replace them with the IPs you want or those applicable to your network/server. also read up on squid proxy configuration. a good start about this topic is here. suggested further readings on ifconfig or how to set an IP to your network interface.
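an added example, not part of the original post: a squid.conf fragment for the goal described earlier, where a request received on one of the server's IPs leaves from that same IP. the src ACL above matches the client's address, so this fragment matches on the listening address instead, using the localip ACL type (Squid 3.2 and later; older releases call it myip). the second address 192.168.0.11, port 3129 and the ACL names in_10 and in_11 are assumed.

```conf
# constructed example using private sample addresses
# 192.168.0.11, port 3129 and the ACL names in_10/in_11 are assumptions

# one listener per address bound to the interface (primary or alias)
http_port 192.168.0.10:3128
http_port 192.168.0.11:3129

# only the client network from the post may use the proxy
acl my_network src 192.168.1.0/255.255.255.0
http_access allow my_network
http_access deny all

# match on the local address the client connected to
# (Squid 3.2 and later: localip; older releases: same syntax with "myip")
acl in_10 localip 192.168.0.10
acl in_11 localip 192.168.0.11

# lines are checked in order and the first full match wins,
# so each request goes out from the address it came in on
tcp_outgoing_address 192.168.0.10 in_10
tcp_outgoing_address 192.168.0.11 in_11

# requests matching no line leave from whatever source address the OS
# picks, which is normally the primary IP of the outgoing interface
```

after a reload, browsing to one of the IP-check sites through each listener in turn should show a different address for each.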
credit to http://yamz.wordpress.com 