squid specify outgoing network interface

I have a Linux Debian machine with many network interfaces (venet0:1 to venet0:5) running Squid. If I connect to interface venet0:2 squid uses venet0:0 for outgoing traffic but I want Squid to use the same network interface for connections. So if I connect to the ip address for venet0:1 the proxy should also use the same interface for outgoing traffic.

Currently I use the following configuration:

http_port 200
forwarded_for off
uri_whitespace encode
visible_hostname localhost
via off
collapsed_forwarding on
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users
auth_param basic children 5
auth_param basic realm Proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
access_log none
cache_store_log none
cache_log /dev/null
acl all src all
http_access allow ncsa_users
header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access User-Agent allow all
header_access WWW-Authenticate deny all
header_access Link deny all
header_access Accept-Charset deny all
header_access Accept-Encoding deny all
header_access Accept-Language deny all
header_access Content-Language deny all
header_access Mime-Version deny all

I've tried out the tutorial from http://www.tastyplacement.com/squid-proxy-multiple-outgoing-ip-addresses but I don't think I can use it because I authenticate users with ncsa and not with source ip addresses.

Is there any possibility so squid use the correct network interface? It would be nice if I can avoid acl rules because that would require config changes with every change of one ip address.


The best possible solution is to create a acl for each interface, make all the requests coming to that interface belong to that group and redirect that group to a specific outgoing interface.

Example:
The server X has the following IPs:

  • 10.0.0.1
  • 10.0.0.2
  • 10.0.0.3

Therefore, the squid.conf file should be something like:

acl 10_0_0_1 localip 10.0.0.1
tcp_outgoing_address 10.0.0.1 10_0_0_1 

acl 10_0_0_2 localip 10.0.0.2
tcp_outgoing_address 10.0.0.2 10_0_0_2 

acl 10_0_0_3 localip 10.0.0.3
tcp_outgoing_address 10.0.0.3 10_0_0_3

Then any requests made to "10.0.0.1" will use the "10.0.0.1" interface, any request made to "10.0.0.2" will use the "10.0.0.2" interface, and so on.

I do know this is an old question, but since it still being the first google search result, it still valid to post the correct answer.


It's configured in the acl's, so after the line:

acl youracl src IP.Ad.Res.Of venet:0:2

add something the following:

tcp_outgoing_address 192.168.1.1 youracl