[squid-users] Whitelist Src IP and Tie it to specific ip outgoing ip
Alex Rousskov
rousskov at measurement-factory.com
Sat Apr 24 02:58:21 UTC 2021
On 4/23/21 9:28 PM, Andy Frad wrote:
> I would like to know if there is a way to whitelist a users src address
> and tie it to a specific outgoing ip?
The two parts of the question are completely unrelated AFAICT. Since you
already know how to allow traffic, I will focus on the second part.
> I'd like to ... make it so a persons src ip can
> only get access to a specific ip bound to the server.
To tell Squid to use local source IP address X for Squid-server
transactions matching a specialTransaction ACL, consider using
tcp_outgoing_address X specialTransaction
Your call how to define the specialTransaction ACL (e.g. it could be a
src ACL). IIRC, tcp_outgoing_address supports fast ACLs only.
Please note that if the transaction is going to an IPv6 address but your
X address is an IPv4 address, then Squid will _ignore_ the
"tcp_outgoing_address X" rule(s) for that transaction. Whether that is a
good thing depends on your (unstated) requirements. If needed, you can,
of course, have two rules for each specialTransaction, one for IPv6 and
one for IPv4 addresses.
You cannot block outgoing traffic using tcp_outgoing_address.
Please see tcp_outgoing_address documentation for caveats. Some of them
sound odd to me so I recommend testing before jumping to conclusions.
HTH,
Alex.
More information about the squid-users
mailing list