Proxy-forward in Squid via a different public IP depending on the local port

Tags: forwarding, ip, proxy, squid

I wish to forward a persistent HTTP request through a different public IP. It connects to the server and stays connected as the server continuously streams data.

This needs to be transparent to the application; the routing logic needs to be limited to just making the HTTP connection to a target port number (or host:port).

I'm considering having a Squid service listening on a LAN IP but on several ports; if the application connects to port A, forward the request through nic A; for port B connections, forward through nic B; and so on.

Is this a suitable task for Squid? And where could I find some hints about the configuration? I got lost reading the Squid documentation looking for anything related to this (specifically how to map local ports -> different output NICs).

Best Answer

Yes, it's possible with Squid.

http_port 3128
http_port 3129
http_port 3130

acl port1 myport 3128
acl port2 myport 3129
acl port3 myport 3130

tcp_outgoing_address x.x.x.1 port1
tcp_outgoing_address x.x.x.2 port2
tcp_outgoing_address x.x.x.3 port3

If you have a different gateway per IP address, you also have to configure source routing:

ip rule add from x.x.x.1 table 10
ip rule add from x.x.x.2 table 11

ip route add table 10 default via GW1
ip route add table 11 default via GW2

ip route add default via GW3

In squid.conf, it's important to set:

server_persistent_connections off

Or my procedure wouldn't work.
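
A small linter for the layout in the answer above, as an added example that is not part of the original post or of Squid: it reports listening ports with no matching `tcp_outgoing_address` rule, ports that share an outgoing address, and a configuration where `server_persistent_connections` is not `off`. The function name, the sample configuration and the 192.0.2.x addresses are constructed, and only `myport`/`localport` ACLs are evaluated.

```python
# Constructed sample in the answer's layout; 192.0.2.x are documentation addresses.
SAMPLE_CONF = """\
http_port 3128
http_port 3129
http_port 3130
acl port1 myport 3128
acl port2 myport 3129
tcp_outgoing_address 192.0.2.1 port1
tcp_outgoing_address 192.0.2.2 port2
"""

def lint_port_mapping(conf_text):
    """Return ({listening port: outgoing address or None}, [findings])."""
    ports, port_acls, rules, persistent = [], {}, [], "on"  # Squid defaults to "on"
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue
        name, args = tokens[0], tokens[1:]
        if name == "http_port":
            # Accepts "3128" and "addr:3128"; trailing mode flags are ignored.
            ports.append(int(args[0].rsplit(":", 1)[-1]))
        elif name == "acl" and len(args) >= 3 and args[1] in ("myport", "localport"):
            port_acls.setdefault(args[0], set()).update(
                int(p) for p in args[2:] if p.isdigit())
        elif name == "tcp_outgoing_address":
            rules.append((args[0], args[1:]))
        elif name == "server_persistent_connections":
            persistent = args[0]

    mapping, findings = {}, []
    for port in ports:
        # First rule wins; a rule applies only if every ACL it names is a
        # port ACL containing this port (other ACL types are not evaluated).
        mapping[port] = next((addr for addr, acls in rules
                              if all(port in port_acls.get(a, ()) for a in acls)), None)
        if mapping[port] is None:
            findings.append(f"port {port}: no tcp_outgoing_address rule matches")
    seen = {}
    for port, addr in mapping.items():
        if addr is not None and addr in seen:
            findings.append(f"port {port}: shares {addr} with port {seen[addr]}")
        seen.setdefault(addr, port)
    if persistent != "off":
        findings.append("server_persistent_connections is not off")
    return mapping, findings

if __name__ == "__main__":
    print(lint_port_mapping(SAMPLE_CONF))
```
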