Can Squid be configured to use the incoming IP address as the outgoing Address if multiple IPs are used on the server?

Question

At the moment I have to define rules for all local ips like this:

acl ip1 localip 1.1.1.1/32
tcp_outgoing_address 1.1.1.1 ip1
acl ip2 localip 2.2.2.2/32
tcp_outgoing_address 2.2.2.2 ip2
acl ip3 localip 3.3.3.3/32
tcp_outgoing_address 3.3.3.3 ip3

As I need to configure several server adn they always have different ips I would like to configure squid in a way that always the same address that is used as incoming address is also used as outgoing address.

Is this possible?

I am also open to other solutions. I tried tinyproxy, which has the "bindsame" option for this, but lacks the possibility to define external authentication scripts. I also need external authentication via a program which squid is able to do.

Did you ever find a solution for this? I'm looking to setup something similar. — Arya, Oct 04 '17 at 21:16
We should open a feature request for Squid. This would be a very useful feature and many people are looking to have it. — Arya, Oct 16 '17 at 01:07
Did you find any new solution? I tried DeleGate, but it does not support specify outgoing interface. — redice, Mar 29 '18 at 00:21

score 2 · Answer 1 · answered Apr 22 '15 at 21:10

Short answer: Based on my research, squid does not support anything like tinyproxy's "BindSame".

Details: I have been researching this very topic because I am in precisely the same situation as you: I want to use tinyproxy for the BindSame configuration, but I need authentication, which tinyproxy does not support. Unfortunately, my conclusion is that squid does not have an equivalent to tinyproxy's BindSame. I can see no other directive that could be used to specify the outgoing IP address.

From squid reference documentation, we see that the tcp_outgoing_address directive requires a specific IP address as an argument. It won't accept something like "same" or a variable from a matching ACL.

I wish I had a more favorable answer for you, because if I did, I'd be using it, too!

I have been using Tinyproxy, but I have found out that it becomes unresponsive after 1-2 days of just running on my server. Have you had a similar issue? — Arya, Oct 12 '17 at 17:33

score 0 · Answer 2 · answered Apr 22 '15 at 21:28

0

The feature you want (if I read your question correctly) is Tproxy - this effectively makes squid IP transparent - it will look like the client is making the proxied requests.

To be honest, it's a bit of a faff to set up (more than a couple of directives), but it does work.

answered Apr 22 '15 at 21:28

Tom Newton

4,141
2
24
28

I'm looking to setup tproxy setup with Squid but I have not been successful so far as the guide on Squid is outdated. I can use Centos or Debian. What guide did you use to setup your system? – Arya Oct 04 '17 at 21:29

Can Squid be configured to use the incoming IP address as the outgoing Address if multiple IPs are used on the server?

2 Answers2