set squid proxy outgoing IP

last week had me working on setting a squid proxy server with multiple IP/domains. the plan was to have squid route outgoing traffic to as many IPs that the server carries. the server only has one physical interface. the rest of the IPs are tied to it via aliases or a virtual interface. you can easily do this with the following command:

ifconfig ethX:Y <IP_ADDRESS>

where X is the number of your physical ethernet device, and Y is the number designated (arbitrary) for the virtual interface. you could also add the broadcast and netmask address in the same line as well. so it would look something like this:

ifconfig eth0:1 broadcast netmask

for testing, a minimal configuration had the proxy running in no time. it would listen to 2 IPs for incoming HTTP requests on different ports. supposedly it should also route requests in the same IP where it was received. it didn’t. popular web services (,, for knowing your IP were used and somehow the IP that came out was the main server IP. by “main server IP,” i mean the 1st IP bound to the network interface or i would say primary address. (look it up with ifconfig ethX, where ethX is the interface facing the Internet, of course, as you might have one that is only for your LAN). so if it were listening for incoming requests on (IP:port), i wanted it to go out the same way via instead it was going out to, for example, or the primary server IP.

after ‘Googling‘ with no luck, i sought advice from the experts of 4 Linux forums. at least on 3 of the forums, they were quick to say that “new outbound connections would normally default to the primary server IP,” or “the one where the route goes out.” and that was that. this is true, i guess. but my question wasn’t really answered.

looking up on google again, this time carefully reading the returned results, i found out that you could actually tell it to use the IP of your choice for outgoing traffic. (yeah, i overlooked that portion in the manual where it would’ve been obvious had i looked hard enough)

the key to this is tcp_outgoing_address. this is how it’s done as explained:

create an ACL for the incoming source network or just a specific IP(s):

acl my_network src *

then use tcp_outgoing_address to specify which IP the incoming request should go out (of course, you have to own the IP)

tcp_outgoing_address <OUTGOING_IP_YOU_WANT> <ACL_NAME>, or

NOTE: *the IPs used here are private IPs and are only used as examples. replace it with the IPs you want or that which is applicable to your network/server. also read up on squid proxy configuration. a good start about this topic is here. suggested further readings on ifconfig or how to set an IP to your network interface.


11 thoughts on “set squid proxy outgoing IP

Add yours

  1. It’s a pity you don’t have a donate button! I’d most certainly donate to this excellent blog!
    I guess for now i’ll settle for bookmarking and
    adding your RSS feed to my Google account. I look forward to fresh updates and
    will share this website with my Facebook group. Chat soon!

  2. excellent publish, very informative. I wonder why the opposite experts of this sector don’t understand this.

    You should continue your writing. I’m confident, you’ve
    a great readers’ base already!

  3. There’s definately a great deal to find out about this issue.
    I love all of the points you’ve made.

  4. Get free 25$ – Payoneer Card Just Sign Up and you can be payed like an American! Get free 25$ – Payoneer Card Widraw money
    on every Mastercard ATM or pay it online. Free 25$ on first 100$.
    Just go on Get free 25$ – Payoneer Card You will receive a
    Free Credit card, a free worldwide Payoneer Card.

  5. I must thank you for the efforts you’ve put in penning this blog.
    I’m hoping to check out the same high-grade blog posts from you later on as well.
    In fact, your creative writing abilities has motivated me to get my own, personal website
    now 😉

  6. Nice article. But in my squid version (3.1.6) i have to use “acl my_network myip” (myip instead of src). myip = Interface-IP, src = Client-IP

    1. That could be the new way of doing it. The one above was made like almost 5 years ago. The past few years I haven’t really udpated myself with squid. Busy with web development. 🙂

  7. Good to know. Squid is “well-documented” in one sense, they have documentation for every setting, but they don’t tie it together well, making settings like this very difficult to find.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Create a free website or blog at

Up ↑

%d bloggers like this: