[sdnog] configure outgoing configuration based on incoming ports

Samir S. Omer samir.saif at sudren.edu.sd
Wed Jun 29 15:02:59 SAST 2016


Hi Patrick

So the port binding and forwarding will be done by squid without the need for
IP masquerading or port forwarding configuration on the firewall?

I'll try it.

Thanks a lot

Samir

----- Original Message -----
> From: "Patrick Okui" <pokui at psg.com>
> To: "Samir S. Omer" <samir.saif at sudren.edu.sd>
> Cc: sdnog at sdnog.sd
> Sent: Wednesday, June 29, 2016 4:49:13 PM
> Subject: Re: [sdnog] configure outgoing configuration based on incoming ports
> 
> Hi Samir, all,
> 
> On 29 Jun 2016, at 10:59 EAT, Samir S. Omer wrote:
> 
> > Hi all
> >
> > I'm configuring a Linux CentOS machine with multiple virtual IPs to
> > run a squid service listening on different ports.
> > How can I bind requests coming for each port to go through a specific
> > IP?
> >
> > For example, requests coming to port 8081 to go out with the IP
> > 192.168.1.1 and requests coming through port 8082 to go out with IP
> > 192.168.1.2
> >
> > incoming -> Squid -> Outgoing
> > *:8081   -> Squid -> 192.168.1.1:80
> > *:8082   -> Squid -> 192.168.1.2:80
> 
> 
> You want the configuration directive tcp_outgoing_address (it won’t
> fix the port number but it’ll fix the outgoing ip address).
> 
> Documentation for this is at
> <http://www.squid-cache.org/Doc/config/tcp_outgoing_address/>
> 
> 
> In short you also need an ACL to match the incoming packets. So
> something along the following lines
> 
> 
> acl net1 localport 8081
> acl net2 localport 8082
> 
> tcp_outgoing_address 192.168.1.1 net1
> tcp_outgoing_address 192.168.1.2 net2
> 
> Please read the configuration for tcp_outgoing_address, it lists some
> configuration options it is incompatible with, e.g. TPROXY.
> 
> The ACL documentation is at <http://www.squid-cache.org/Doc/config/acl/>
> 
> If you have IPv6 on your network you also need a tcp_outgoing_address
> entry either for each entry based on your port numbers or a general one
> that matches all IPv6 addresses.
> 
> I’m curious though why you need to do this.
> 
> --
> patrick
>
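
An added example, not part of either message and not Squid's own code: a small audit that reads squid.conf text and reports which listening ports have no pinned outgoing address per IP version, covering both the localport/tcp_outgoing_address mapping and the IPv6 point in the reply. The third port, the IPv6 address and the function names are assumptions made for illustration; only `localport` ACLs are evaluated.

```python
import ipaddress

# Constructed sample: ports and IPv4 addresses from the thread, plus an
# illustrative third port and an IPv6 documentation-range address.
SAMPLE_CONF = """
http_port 8081
http_port 8082
http_port 8083
acl net1 localport 8081
acl net2 localport 8082
tcp_outgoing_address 192.168.1.1 net1
tcp_outgoing_address 192.168.1.2 net2
tcp_outgoing_address 2001:db8::1 net1
"""

def _ports(spec):
    """Expand '8081' or '8081-8085' into a range of port numbers."""
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def egress_map(conf_text):
    """Map each http_port to its pinned source address per IP version."""
    ports, acls, rules = [], {}, []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_port":
            ports.append(int(tok[1].rsplit(":", 1)[-1]))  # "port" or "addr:port"
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "localport":
            for spec in tok[3:]:
                acls.setdefault(tok[1], set()).update(_ports(spec))
        elif tok[0] == "tcp_outgoing_address":
            rules.append((ipaddress.ip_address(tok[1]), tok[2:]))
    result = {}
    for port in ports:
        pinned = {4: None, 6: None}
        for addr, names in rules:
            # First matching line wins; ACLs on one line are ANDed.
            # Simplification: non-localport or negated ACLs never match here.
            if pinned[addr.version] is None and all(port in acls.get(n, ()) for n in names):
                pinned[addr.version] = str(addr)
        result[port] = pinned
    return result

def unpinned(conf_text):
    """List (port, ip_version) pairs with no pinned outgoing address."""
    return [(p, v) for p, fam in egress_map(conf_text).items()
            for v in (4, 6) if fam[v] is None]
```

Any pair returned by `unpinned` leaves with whatever source address the host picks, so egress firewall rules and upstream logs keyed on the per-port addresses will not cover that traffic.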


