Today I want to just give you a pill, but I’m sure that even if is short this article will save a lot of time to someone who, like me, has this requirement.
Having a machine with Linux and various IP (which can be IPv4 and / or ipv6) and a Squid Proxy Server configure your browser to use that proxy on one of these IP and go out from that server with the same IP and not with the default ip .
This can be useful if you have services that require 1 specific IP to be allowed, or if you want to give the proxy server to different people and still be able to trace what they do.
To achieve this we’ll use the ACL, Squid has very good ACL’s (Access Control Lists) built into the squid.conf file, allowing you to lock down or control the access by names, IP’s, networks, time of day, actual day. Remember however that like every firewall the more complicated an ACL is, the slower Squid will be to respond to requests.
The directive that will need to set this configuration is tcp_outgoing_address, from Squid manual:
Allows you to map requests to different outgoing IP addresses
based on the username or source address of the user making the request.
tcp_outgoing_address ipaddr [[!]aclname] …
But i think that is easier to show directly the result with some examples:
Example where requests from 10.0.0.0/24 will be forwarded with source address 10.1.0.1,
The net 10.0.2.0/24 is forwarded with source address 10.1.0.2 and the rest will be forwarded with source address 10.1.0.3.
acl abc src 10.0.0.0/24 acl xyz 10.0.2.0/24 tcp_outgoing_address 10.1.0.1 abc tcp_outgoing_address 10.1.0.2 xyz tcp_outgoing_address 10.1.0.3
Use multiple IP addresses based on the squid’s IP being used as proxy server
acl ip1 myip 192.168.1.2 acl ip2 myip 192.168.1.3 acl ip3 myip 192.168.1.4 tcp_outgoing_address 192.168.1.2 ip1 tcp_outgoing_address 192.168.1.3 ip2 tcp_outgoing_address 192.168.1.4 ip3
The acl lines tell squid to match myip which means if someone uses the IP 192.168.1.2 as their proxy server they will match the acl ip1 and so on.
With these two simple examples, you saw how Squid is easily tunable to set a different outgoing IP depending on the conditions set by you.
- An introduction to systemd for CentOS 7
- Linux Games: Sanctum 2
- What goes around comes around: nearly half of DDoS attacked companies are hit twice or more
- Linux Terminal: An lsof Primer
- How to check if you are vulnerable to shellshock
Find me on Google+