Join Log in
Score:0
Anh Bảy avatar Server

Config Multiple IP config in squid proxy server

cn flag
Anh Bảy

This answer seem not fit my requirement: Squid config - same user multiple ips

Assume that I have a proxy server with 3 IPV4 (202.6.7.8-9-10) and 20 IPV6 (ipv6_1 -> ipv6_20)

I want to config to

Allow IP(s) 203.166.233.16-17-18 to connect to port 3000 to 3010 to use proxy ipv6_1 to ipv6_10

Allow IP(s) 203.166.233.20-21-22 to connect to port 4000 to 4010 to use proxy ipv6_11 to ipv6_20

username1/pwd1 to connect to port 1001-1002 outgoing with ipv4 202.6.7.9-10

username2/pwd2 to connect to port 1201-1202 outgoing with ipv4 202.6.7.9-10

enter image description here

I try below config but there are 2 problem:

  1. There are 6 allowed ips but whole internet can access

  2. Allowed ips can cross access other ports

    dns_v4_first off
    acl to_ipv6 dst ipv6
    http_access deny !to_ipv6
    http_access allow to_ipv6
    
    #gourp 1 (ipv6)
    acl group_1 src 203.166.233.16 203.166.233.17 203.166.233.18
    
    http_port 202.6.7.8:3001
    http_port 202.6.7.8:3002
    http_port 202.6.7.8:3003
    http_port 202.6.7.8:3004
    http_port 202.6.7.8:3005
    
    acl lip_3001 myport 3001
    acl lip_3002 myport 3002
    acl lip_3003 myport 3003
    acl lip_3004 myport 3004
    acl lip_3005 myport 3005
    
    tcp_outgoing_address a001:aaa:bbb::31 lip_3001
    tcp_outgoing_address a001:aaa:bbb::32 lip_3002
    tcp_outgoing_address a001:aaa:bbb::33 lip_3003
    tcp_outgoing_address a001:aaa:bbb::34 lip_3004
    tcp_outgoing_address a001:aaa:bbb::35 lip_3005
    
    http_access allow group_1
    http_access deny !group_1
    
    #gourp 2 (ipv6)
    acl group_2 src 203.166.233.20 203.166.233.21 203.166.233.22
    
    http_port 202.6.7.8:4001
    http_port 202.6.7.8:4002
    http_port 202.6.7.8:4003
    http_port 202.6.7.8:4004
    http_port 202.6.7.8:4005
    
    acl lip_4001 myport 4001
    acl lip_4002 myport 4002
    acl lip_4003 myport 4003
    acl lip_4004 myport 4004
    acl lip_4005 myport 4005
    
    tcp_outgoing_address a001:aaa:bbb::41 lip_4001
    tcp_outgoing_address a001:aaa:bbb::42 lip_4002
    tcp_outgoing_address a001:aaa:bbb::43 lip_4003
    tcp_outgoing_address a001:aaa:bbb::44 lip_4004
    tcp_outgoing_address a001:aaa:bbb::45 lip_4005
    
    http_access allow group_2
    http_access deny !group_2
    
    #Enable IPV4 Proxies
    dns_v4_first on
    acl to_ipv4 dst ipv4
    http_access allow to_ipv4
    
    #group 3 (ipv4 user/pwd auth)
    http_port 202.6.7.8:1001
    http_port 202.6.7.8:1002
    
    acl lip_1001 myport 1001
    acl lip_1001 myport 1001
    
    tcp_outgoing_address 202.6.7.9 lip_1001
    tcp_outgoing_address 202.6.7.10 lip_1002
216
0 + 0
jp flag
AlexD
What exactly have you tried? The question you linked has enough information for you to start building your own solution.
0
Reply
Anh Bảy avatar
cn flag
Anh Bảy
@AlexD the topic I mentioned does not have ip based authentication per out going port range
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.