Setup Your Own Multiple-IP, Private Group of Proxies on a Single VPS Installation
After much researching online in forum discussions and some hair-pulling troubleshooting (and a nudge in the right direction from Ralf at Tradebit), we’ve assembled a fairly reliable set of instructions for configuring Squid Proxy to employ multiple outgoing IP addresses from a single Squid installation and (this is the key) allowing you to connect through any of the outbound IP addresses depending on the IP address by which you connect to the Squid Cache server.
There are a few incomplete ways to do this. Some of the existing tutorials like this one go only part of the way: they let client A from one IP address can connect through one outgoing IP address, and client B from a second IP address can connect through another outgoing IP address. This is limiting: client A can only use one outgoing IP. With our setup, we can use any of our many outgoing IP addresses.
Our Setup & Plan
We run Squid Cache on a basic VPS service running Linux. We are using Squid-3.2.1. Our VPS has six IP addresses, so we want to receive clients on any six of those IP addresses and direct Squid to use the same corresponding IP address for its outgoing connections. Because our VPS listens on all six IP addresses, we will designate separate ports for each inbound connection. It’s probably worth mentioning that we aren’t caching anything–we are simply using squid as a proxy.
Obviously, we’ll be modifying the squid.conf file. We’ll be using the following configuration directives:
First, we want to tell Squid what IPs and ports to listen on, and we want to use the “name=” option with http_port:
# Squid normally listens to port 3128 http_port 67.xxx.108.128:3128 name=3128 http_port 67.xxx.108.79:3129 name=3129 http_port 67.xxx.108.80:3130 name=3130 http_port 67.xxx.108.221:3131 name=3131 http_port 208.xxx.34.154:3132 name=3132 http_port 208.xxx.34.32:3133 name=3133
We just asked Squid to listen on sequential ports and to designate a name for each inbound connection. Now that we’ve named the inbound connections, we can designate an ACL based on each inbound connection name and assign an outgoing IP to each:
acl tasty3128 myportname 3128 src 24.xxx.210.0/24 http_access allow tasty3128 tcp_outgoing_address 67.xxx.108.128 tasty3128 acl tasty3129 myportname 3129 src 24.xxx.210.0/24 http_access allow tasty3129 tcp_outgoing_address 67.xxx.108.79 tasty3129 acl tasty3130 myportname 3130 src 24.xxx.210.0/24 http_access allow tasty3130 tcp_outgoing_address 67.xxx.108.80 tasty3130 acl tasty3131 myportname 3131 src 24.xxx.210.0/24 http_access allow tasty3131 tcp_outgoing_address 67.xxx.108.221 tasty3131 acl tasty3132 myportname 3132 src 24.xxx.210.0/24 http_access allow tasty3132 tcp_outgoing_address 208.xxx.34.154 tasty3132 acl tasty3133 myportname 3133 src 24.xxx.210.0/24 http_access allow tasty3133 tcp_outgoing_address 208.xxx.34.32 tasty3133
That’s it. You should now be able to connect to any of your six IP addresses through Squid.