Re: [squid-users] Randomize outgoing_address

From: Leonardo Rodrigues <leolistas_at_solutti.com.br>
Date: Sun, 25 Oct 2009 10:53:13 -0200

Andres Salazar escreveu:
> Hello,
>
> Is there anyway I can randomize my outgoing_address other then setting
> up ACLs with time.
>
> I have a box with a high load of IPs and I want my requests to go out
> totally random.
>
>

    squid has tcp_outgoing_address as you've already noticed. But i
really dont think it can be used for acchieving 'totally random'
outgoing address. If can choose outgoing address based on several thing,
based on ACLs.

    for a totally random output, i think you'll have an easier time
using iptables SNAT rules .....

SNAT v1.3.5 options:
 --to-source <ipaddr>[-<ipaddr>][:port-port]
                                Address to map source to.
                                (You can use this more than once)

    something as simplier as:

iptables -t nat -A POSTROUTING ........ -j SNAT --to-source
x.x.x.10-x.x.x.200

    would randomize outgoing addresses ....

    but be careful ... completly randomizing address outputs can (surely
will) break things that uses source IP address as part of session
security, just like internet banking and several other 'secure' systems.

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, NÃO mandem email
	gertrudes_at_solutti.com.br
	My SPAMTRAP, do not email it
Received on Sun Oct 25 2009 - 12:53:34 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 26 2009 - 12:00:02 MDT