[sdnog] configure outgoing configuration based on incoming ports

Samir S. Omer samir.saif at sudren.edu.sd
Wed Jun 29 15:32:49 SAST 2016


Hi 

Yes, I wanted to do exactly what you said below: to connect to the proxy on different ports, and based on these ports the proxy will fetch the content from the internet using different source IPs.

Samir

----- Original Message ----- 

> From: "Patrick Okui" <pokui at psg.com>
> To: "Samir S. Omer" <samir.saif at sudren.edu.sd>
> Cc: sdnog at sdnog.sd
> Sent: Wednesday, June 29, 2016 5:20:47 PM
> Subject: Re: [sdnog] configure outgoing configuration based on incoming ports

> On 29 Jun 2016, at 16:02 EAT, Samir S. Omer wrote:
> > Hi Patrick
> 
> > So the port binding and forwarding will be done by squid without the need
> > for IP masquerading or port forwarding configuration on the firewall?
> 
> I do not understand what you mean by this.
> I assume you’ve used the http_port to make squid listen on multiple ports.
> So basically you would have
> http_port 8081
> http_port 8082

> This means squid will accept incoming connections to any IP on the local
> machine on ports 8081 and 8082
> If alternatively you want to make squid bind to a particular IP on the local
> machine in addition to the port then you need (for example)
> http_port 192.168.1.1:8081
> http_port 192.168.1.2:8082

> This means that on the IP 192.168.1.2 nothing is listening on port 8081 -
> only 8082 and vice versa on the IP 192.168.1.1.
> However, to use the squid running on those ports someone has to edit the
> proxy options in their browser (or operating system). You can also set up
> authentication for each port separately so someone needs the right password
> for the right port.
> If you want squid to be transparent to the end user, you need to redirect the
> HTTP traffic as it goes out of your network to come to your squid on
> requisite ports. This is called transparent proxying (or interception
> proxying by Trouble and friends). This requires work on a device in the path
> between the user and the internet. Typically a firewall or a router. In that
> case you need MASQ, or redirect rules or an ACL or ….
> Again, it’d help to know what exactly you’re trying to achieve.
> --
> patrick
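
The goal stated at the top of this message (the listening port decides the outgoing source IP), as an added example that is not part of the thread: a Python check over a constructed squid.conf fragment that pairs each `http_port` with a Squid `localport` ACL and a `tcp_outgoing_address` rule, and reports ports that would fall back to the default source address. The ACL names and the 203.0.113.x addresses are assumptions; only plain port ACLs are modelled.

```python
# Constructed squid.conf fragment: listening IPs follow the thread; the ACL
# names and 203.0.113.x source addresses are assumptions for illustration.
SAMPLE_CONF = """\
http_port 192.168.1.1:8081
http_port 192.168.1.2:8082
http_port 8083
acl via8081 localport 8081
acl via8082 localport 8082
tcp_outgoing_address 203.0.113.11 via8081
tcp_outgoing_address 203.0.113.12 via8082
"""

def _expand(tokens):
    """Expand port tokens such as '8081' or '8081-8085' into integers."""
    for tok in tokens:
        lo, _, hi = tok.partition("-")
        yield from range(int(lo), int(hi or lo) + 1)

def port_to_source(conf):
    """Map each http_port to the source IP Squid would use (None = default)."""
    ports, acls, rules = [], {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_port":
            ports.append(int(tok[1].rsplit(":", 1)[-1]))  # strip optional IP
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] in ("localport", "myport"):
            acls.setdefault(tok[1], set()).update(_expand(tok[3:]))
        elif tok[0] == "tcp_outgoing_address":
            rules.append((tok[1], tok[2:]))
    mapping = {}
    for port in ports:
        # First matching rule wins; a rule matches when all its ACLs match.
        # Only plain port ACLs are modelled, so other ACL names never match.
        mapping[port] = next(
            (addr for addr, names in rules
             if all(port in acls.get(n, ()) for n in names)), None)
    return mapping

def unmapped_ports(conf):
    """Listening ports whose traffic would leave from the default address."""
    return [p for p, addr in port_to_source(conf).items() if addr is None]

if __name__ == "__main__":
    for port, addr in port_to_source(SAMPLE_CONF).items():
        print(port, "->", addr or "default source address")
```

Port 8083 is left without a rule on purpose, to show the case where a listener silently uses the machine's default outgoing address.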


