Ubuntu – How to tell squid use Source IP address for sending requests

ipPROXYsquidUbuntu

I have two interfaces in my ifconfig, eth0 and eth1. Squid is set to accept connections from both of them on port 3000.

However, eth0's ip address is always used to send proxy requests, even if client has connected using eth1 address.

How do i force squid to always use just the source IP as tcp_outgoing_address (without writing this IP in config file)?

What i've tried additionally:

acl from_eth0 src A.B.C.D/1
acl from_eth1 src E.F.G.H/1

tcp_outgoing_address A.B.C.D from_eth0
tcp_outgoing_address E.F.G.H from_eth1

If i need to use iptables, how exactly rules will look for me?

Best Answer

There are many types of acl. src means the client IP and not the interface IP (local address).

I use localip acl type for that purpose:

acl from_eth0 localip A.B.C.D
acl from_eth1 localip E.F.G.H

tcp_outgoing_address A.B.C.D from_eth0
tcp_outgoing_address E.F.G.H from_eth1
tcp_outgoing_address 1.2.3.4 # default

ACL types are described in doc page.

However, it's painful to write each address by hand. I don't think it's a final solution because of that.

Related Solutions

Linux – Squid 2.7.STABLE3-4.1 as a transparent proxy on Ubuntu Server 9.04

Make sure you don't have conflicting port definitions, squid will probably listen on 3128 anyway, so you probably need to modify the existing statement, not add a new one.

Also try manually setting the box as a proxy and make sure it's otherwise working before making it transparent.

Ubuntu 9.10 and Squid 2.7 Transparent Proxy TCP_DENIED

You must tell squid that it is setup as a transparent system

Instead of

http_port 3128

You need

# enable the transparent option for interception caching
http_port 3128 transparent

Best Answer

Related Solutions

Linux – Squid 2.7.STABLE3-4.1 as a transparent proxy on Ubuntu Server 9.04

Ubuntu 9.10 and Squid 2.7 Transparent Proxy TCP_DENIED

Related Topic