Configuring Squid Proxy with Multiple IP Addresses

Suppose the server has several IP addresses – on the same interface or on different ones – it doesn't matter.

Objective: make Squid use different external IP addresses depending on which port of the proxy server is being accessed.

So, as you can see, my test server has 5 IP addresses, 1 IPv4 address and 4 IPv6 addresses:

• 185.117.153.79
• 2a02:f680:1:1100::3d5f
• 2a02:f680:1:1100::3d60
• 2a02:f680:1:1100::3d61
• 2a02:f680:1:1100::3d62

See also:

• Introduction to IPv6 Addresses: How to Use and How to Explore the Network (Part 1)
• Introduction to IPv6 Addresses: How to Use and How to Explore the Network (Part 2)

To solve this problem, the contents of the /etc/squid/squid.conf file are as follows:

# The proxy server will only use local utilities, so only access from localhost is allowed.
# If you want to connect to the proxy server from outside, then add the corresponding IPs to the allowed ones,
# or configure password authentication.
http_access allow localhost
http_access deny all

# To connect to the proxy server, ports 24000-24004 are selected, the following lines enable listening on these ports
# Please note that the proxy server does not listen to external IP addresses, in addition to the port, the IP address of localhost is specified
http_port 127.0.0.1:24000
http_port 127.0.0.1:24001
http_port 127.0.0.1:24002
http_port 127.0.0.1:24003
http_port 127.0.0.1:24004

# For each port, create an acl with the localport type
acl portA localport 24000
acl portB localport 24001
acl portC localport 24002
acl portD localport 24003
acl portE localport 24004

# Map ports and IP addresses
tcp_outgoing_address 2a02:f680:1:1100::3d5f portA
tcp_outgoing_address 2a02:f680:1:1100::3d60 portB
tcp_outgoing_address 2a02:f680:1:1100::3d61 portC
tcp_outgoing_address 2a02:f680:1:1100::3d62 portD
tcp_outgoing_address 185.117.153.79 portE

# We don't need a cache
cache deny all

When accessing the page https://w-e-b.site/ip/, the IP address of the client who made the request is shown. Let's check:

curl https://w-e-b.site/ip/

The result is:

2a02:f680:1:1100::3d61

Let's remember this.

Now let's request the specified page through the proxy server ports from 24000 to 24003:

curl --proxy localhost:24000 https://w-e-b.site/ip/
curl --proxy localhost:24001 https://w-e-b.site/ip/
curl --proxy localhost:24002 https://w-e-b.site/ip/
curl --proxy localhost:24003 https://w-e-b.site/ip/

As you can see, each time a different IPv6 address is displayed – in accordance with which one is bound to a specific port of the proxy server.

What IP address do you think the following command will print?

curl --proxy localhost:24004 https://w-e-b.site/ip/

Let me remind you that IPv4 185.117.153.79 is bound to port 24004. If your answer is “185.117.153.79”, then you are wrong.

Let's check:

curl --proxy localhost:24004 https://w-e-b.site/ip/

Outputted: 2a02:f680:1:1100::3d6 is the same default IPv6 address.

The reason is that, in fact, the binding does not occur to the IP address as such, but to the network interface on which this IP is configured. By the way, therefore, you can also bind by MAC address. At the same time, Squid works as follows: if there is a technical possibility (the local server and the remote host have IPv6 addresses), then IPv6 is used by default.

The site w-e-b.site has IPv4 and IPv6 addresses, Squid makes DNS lookups trying to get A and AAAA records, and if the remote host has an IPv6 address, then that one is used. To connect to IPv6, the server must also be using IPv6, so one of the available IPv6 is selected, not IPv4 which is actually bound to the port.

Would it be possible to use the IPv4 connection when binding the port to IPv4, even if IPv6 is available? Technically, there is no limit to this, but the authors of Squid did not make such an option. But there is also an option to use IPv4, though not so convenient.

Related: How to configure Squid to use IPv4

See also the Squid setup guide: How to create and configure a Squid proxy server