
I have a squid server installed with 30 additional proxy addresses. Whenever I try to use one of these proxy addresses with a browser, like Chrome, my IP shows as the main server IP as opposed to the additional address. For example, say the home IP is 192.0.0.10 and the additional IP I'm trying to use is 192.0.0.13, when going to a "what is my IP" type of site, it shows 192.0.0.10 no matter what additional address I use. Any idea as to why this might happen? Thanks for any help.

xtal

1 Answer


This happens because the address selection for the outgoing connections from the server is an independent process.

The outgoing address selection algorithm is described in http://linux-ip.net/html/routing-saddr-selection.html.

The order is:

  1. Application request for particular IP
  2. src hint for chosen route path
  3. First address configured on the interface for the matching route table entry

In your case, neither option 1 nor 2 applies, therefore the system uses the first address configured for the network interface.

Squid seems to have an option to configure source address for outgoing connections: http://www.squid-cache.org/Doc/config/tcp_outgoing_address/. This would be option 1 in the list above.

However, it doesn't seem to support using the IP address the client is trying to connect to. Different IP addresses can be configured for either different user names or different user source IP addresses.

Tero Kilkanen
  • I configured all of my addresses using the tcp_outgoing_address command, and that worked fine, however I couldn't figure out a way to have it act normally without changing the port. If I assigned two addresses to the same port, the outgoing connection would use the first address assigned to that port. For example, if I had 195.xxx.xxx.230:3128 & 195.xxx.xxx.231:3128 and attempted to use the .231 address as a proxy, the outgoing connection would go through .230 instead. Any idea why that is? Like I mentioned, if I assign a different port to all of the addresses it works fine. – xtal Oct 31 '20 at 12:35
  • As I explained above, Squid does not have the feature to do what you are seeking. Squid can only select outgoing addresses based on Squid user name or user's own IP address. – Tero Kilkanen Oct 31 '20 at 13:45
  • So if I was to assign a range of addresses to a particular user, all assigned to the same port, that would work? Sorry if I'm not understanding, I'm, as you can probably tell, new to this. – xtal Oct 31 '20 at 14:24
  • Yes, you can configure outgoing address A for username A, address B for username B etc. And all users would connect to port 3128. – Tero Kilkanen Oct 31 '20 at 14:26
  • Thank you, really appreciate the help. I'm sorry to be a pain but would you be able to give an example of what that might look like? Once again thanks for the help. – xtal Oct 31 '20 at 14:28
  • Unfortunately I haven't implemented this kind of setup myself, I simply looked at the documentation that it can be done. `tcp_outgoing_address` accepts an `aclname` as the second argument, and in the ACL you should be able to match the user. – Tero Kilkanen Oct 31 '20 at 14:37
  • I've added two ACLs for users just to test, `acl xtal ident xtal` & `acl 123 ident 123`, and set up my outgoing addresses like so: `tcp_outgoing_address 195.xxx.xxx.227 xtal`, and so on for the rest of my addresses, mixing the ident `xtal` and `123`. However, when testing, it seems to ignore the fact that the address is assigned to a user and accepts any of the user:pass combinations in my passwd file. Also, when testing as a proxy, I have the same problem as before where it shows the first address assigned to the :3128 port. I'd appreciate any help on this issue. – xtal Oct 31 '20 at 16:15
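
A sketch of the per-user setup discussed in the answer and comments, added here as an example (it is not from the thread's participants): every client connects to port 3128 and the outgoing address is chosen by authenticated user name. It uses `proxy_auth` ACLs, which match the user name from proxy authentication; the user names `usera`/`userb`, the address 192.0.0.14, and the helper and passwd file paths are assumptions.

```conf
# Added example, not from the original thread. User names, the helper
# path and the passwd path are assumptions; adjust to your distribution.

# One listening port for every client.
http_port 3128

# Basic authentication against an htpasswd-style file.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy

# proxy_auth matches the user name supplied via proxy authentication.
acl authenticated proxy_auth REQUIRED
acl user_a proxy_auth usera
acl user_b proxy_auth userb

# Authenticate first, so the user name is known when the outgoing
# address is chosen; unauthenticated requests are refused.
http_access allow authenticated
http_access deny all

# Lines are evaluated in order and the first matching ACL wins.
tcp_outgoing_address 192.0.0.13 user_a
tcp_outgoing_address 192.0.0.14 user_b
# Fallback for any other authenticated user.
tcp_outgoing_address 192.0.0.10

# The tcp_outgoing_address documentation advises this when the ACLs
# depend on the client, so a server connection opened for one user is
# not reused for another.
server_persistent_connections off
```

Check the file with `squid -k parse` before reloading, then confirm from a client that each user name exits from its assigned address.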