Re: [squid-users] Squid Server With Multiple Outgoing IPs, each ip with separate login and password

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 27 Oct 2009 15:05:38 +1300

On Mon, 26 Oct 2009 16:01:05 -0200, Leonardo Rodrigues
<leolistas_at_solutti.com.br> wrote:
> Франсуа Мартiнес escreveu:
>> Hi!
>>
>> i am going to buy dedicated server and organize proxy server.
>> server has 250 IPs.
>> I want each outgoing ip address to have its own login and password.
>>
>> so i give client ip with login and password.
>>
>> so i want to bind each outgoing ip witt login-password.
>>
>> can someone help me in reccomendation?
>> thx
>>
>
> first of all get some authentication method fully configurated, i'll
> skip that part because i dont know what you're using. And for getting an

> auth method working, there's still LOTS of tutorials on the web. Google
> for it if you dont know how to do it.
>
>
> acl myport001 myport 10001
> acl username001 proxy_auth -i username001
>
> http_access allow myport001 username001
> http_access deny myport001
>
>
>
>
> acl myport002 myport 10002
> acl username002 proxy_auth -i username002
>
> http_access allow myport002 username002
> http_access deny myport002
>
>
> ....... and there it goes ........
>
>
> this will give you a big config, i cant think on a 'simple' (few lines)
> config to acchieve that. But it will work for sure !

You overlooked his requirement for _outgoing_ IP to be set. Also Port had
nothing to do with the requirement so those ACL are not relevant. The
username and http_access ones are still required though.

The "include" directive was added to make this kind of config easier. It
can pull in a directory worth of files that are easily managed.

Create a directory /etc/squid/usrips

Each file created inside named something like ip-username with a snippet
of config:

1.2.3.4-username001:
  acl username001 proxy_auth -i username001
  http_access allow username001
  tcp_outgoing_addr 1.2.3.4 username001

squid.conf:
 # INSERT YOUR OWN HTTP ACCESS RULES HERE
 include /etc/squid/usrips/*
 http_access deny all

Then all you need to do is write some scripts to create and delete the
snippet files and reconfigure squid after making alterations. Having the
filename contain the username and/or IP is not strictly required, but makes
the automatics much easier.

Amos
Received on Tue Oct 27 2009 - 02:05:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 27 2009 - 12:00:03 MDT