Re: [squid-users] Restrict clients to specific outgoing IP addresses

From: JL <bearmeat_at_gmail.com>
Date: Sun, 21 Sep 2008 05:40:06 -0700

On Sun, Sep 21, 2008 at 4:44 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> JL wrote:
>>
>> I have several individuals connecting to my Squid proxy server and I
>> also have Squid configured to use multiple outgoing IP addresses.
>>
>> So, for example, say I have 3 clients that connect to my Squid proxy
>> server with the following IP addresses:
>>
>> Client #1: 111.111.111.1
>> Client #2: 111.111.111.2
>> Client #3: 111.111.111.3
>>
>> My server has 7 IP addresses:
>> IP #1: 222.222.222.1
>> IP #2: 222.222.222.2
>> IP #3: 222.222.222.3
>> IP #4: 222.222.222.4
>> IP #5: 222.222.222.5
>> IP #6: 222.222.222.6
>> IP #7: 222.222.222.7
>>
>> I want the following conditions:
>> 1) I want to restrict Client#1 so that he can only use IP#1, IP#2, and
>> IP#5.
>> 2) I want to restrict Client#2 so that he can only use IP#3 and IP#7
>> 3) I want to restrict Client#3 so that he can only use IP#6
>>
>> Is this possible?
>
> Yes. tcp_outgoing_address + ACL.
>
> Amos
> --
> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>

Amos, using the example as before I have the following setup:

IPs 111.111.111.1 - 111.111.111.1 are the IP addresses of the users of
my server.
IPs 222.222.222.1 - 222.222.222.222.7 are the IP address of the server.

Right now I have the following in my squid.conf:

acl ip1 myip 222.222.222.1
acl ip2 myip 222.222.222.2
acl ip3 myip 222.222.222.3
acl ip4 myip 222.222.222.4
acl ip5 myip 222.222.222.5
acl ip6 myip 222.222.222.6
acl ip7 myip 222.222.222.7
tcp_outgoing_address 222.222.222.1 ip1
tcp_outgoing_address 222.222.222.2 ip2
tcp_outgoing_address 222.222.222.3 ip3
tcp_outgoing_address 222.222.222.4 ip4
tcp_outgoing_address 222.222.222.5 ip5
tcp_outgoing_address 222.222.222.6 ip6
tcp_outgoing_address 222.222.222.7 ip7

So after that, I want the following conditions:

1) I want to restrict incoming Client#1 (with IP 111.111.111.1) so
that he can only use IP#1 (222.222.222.1), IP#2 (222.222.222.2),
andIP#5 (222.222.222.5). I do not Client#1 to be able to use IP#3,
IP#6, nor IP#7.
2) I want to restrict Client#2 (with IP 111.111.111.2) so that he can
only use IP#3 and IP#7. I do not want Client#2 to be able to use IP#1,
IP#2, IP#4, IP#5, IP#6.
3) I want to restrict Client#3 (with IP 111.111.111.3) so that he can
only use IP#6. I do not want Client#3 to to be able to use IP#1, IP#2,
IP#3, IP#4, IP#5, IP#7

Can you give me an example ACL for this type of configuration?

Thanks in advance.
Received on Sun Sep 21 2008 - 12:40:12 MDT

This archive was generated by hypermail 2.2.0 : Sun Sep 21 2008 - 12:00:03 MDT