Configure Squid Proxy for Multiple Outgoing IP Addresses

Setup Your Own Multiple-IP, Private Group of Proxies on a Single VPS Installation

After much researching online in forum discussions and some hair-pulling troubleshooting (and a nudge in the right direction from Ralf at Tradebit), we’ve assembled a fairly reliable set of instructions for configuring Squid Proxy to employ multiple outgoing IP addresses from a single Squid installation and (this is the key) allowing you to connect through any of the outbound IP addresses depending on the IP address by which you connect to the Squid Cache server.

Squid CacheThere are a few incomplete ways to do this. Some of the existing tutorials like this one go only part of the way: they let client A from one IP address can connect through one outgoing IP address, and client B from a second IP address can connect through another outgoing IP address. This is limiting: client A can only use one outgoing IP. With our setup, we can use any of our many outgoing IP addresses.

Our Setup & Plan

We run Squid Cache on a basic VPS service running Linux. We are using Squid-3.2.1. Our VPS has six IP addresses, so we want to receive clients on any six of those IP addresses and direct Squid to use the same corresponding IP address for its outgoing connections. Because our VPS listens on all six IP addresses, we will designate separate ports for each inbound connection. It’s probably worth mentioning that we aren’t caching anything–we are simply using squid as a proxy.


Obviously, we’ll be modifying the squid.conf file. We’ll be using the following configuration directives:

  • http_port
  • name=
  • myportname
  • acl
  • http_access
  • tcp_outgoing_address

First, we want to tell Squid what IPs and ports to listen on, and we want to use the “name=” option with http_port:

# Squid normally listens to port 3128
http_port name=3128
http_port name=3129
http_port name=3130
http_port name=3131
http_port name=3132
http_port name=3133

We just asked Squid to listen on sequential ports and to designate a name for each inbound connection.  Now that we’ve named the inbound connections, we can designate an ACL based on each inbound connection name and assign an outgoing IP to each:

acl tasty3128 myportname 3128 src
http_access allow tasty3128
tcp_outgoing_address tasty3128
acl tasty3129 myportname 3129 src
http_access allow tasty3129
tcp_outgoing_address tasty3129
acl tasty3130 myportname 3130 src
http_access allow tasty3130
tcp_outgoing_address tasty3130
acl tasty3131 myportname 3131 src
http_access allow tasty3131
tcp_outgoing_address tasty3131
acl tasty3132 myportname 3132 src
http_access allow tasty3132
tcp_outgoing_address tasty3132
acl tasty3133 myportname 3133 src
http_access allow tasty3133
tcp_outgoing_address tasty3133

That’s it. You should now be able to connect to any of your six IP addresses through Squid.


8 replies
  1. Jon Coulter
    Jon Coulter says:

    This was exactly what I needed, but once I found your post I did some research and you can do the same thing by using “myip” to determine the incoming IP address. No need to multiple ports.


    act ip1 myip # where is a server ip
    act ip2 myip # where is a server ip

    tcp_outgoing_address ip1
    tcp_outgoing_address ip2
    tcp_outgoing_address # default if coming in on another IP

    Am i missing something here? This seems to be the more generic and flexible method.

  2. annon
    annon says:

    Does this work for multiple https connections?

    Nat incoming connections (443 to 3100)on single network ip (64.x.x.x). I’m having trouble using multiple certs for each domain with squid. Also, can they use different outgoing ports?

  3. Jason
    Jason says:

    I’ve been trying to modify this script to work with one ipv4:port in and out to a unique IPv6.

    I’ve pasted an example of what I did here at pastebin:

    The problem I’ve encountered is that squid always uses the same IPv6 to connect out, in my example it uses the IPv6 associated with user5 even if user5 is commented out.

    do you have any idea how to get squid to assign a unique ipv6 per user for the outbound connection?

  4. vinod
    vinod says:

    I have set 200 IP on my squid server as per your way “http_port name=3128” but only 128 is working rest of them not able to make connection. Any idea how we increase this 128 limit.


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *