Squid Setup – Setting outgoing IP Address

Well, when I set out to do something, I usually don’t stop until I find answers. What I’m planning to do with a new Squid server I’m building at work is to set the outgoing IP address, so when the firewall/Content Filter receives the traffic it will know whether or not to filter the traffic. At first I thought this would be pointless, but after much research I did find a good post:

http://yamz.wordpress.com/2007/01/26/set-squid-proxy-outgoing-ip/

Very straightforward config:

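# Client source addresses: one unfiltered host, then everyone else
acl DIRECT_INTERNET src 192.168.1.50/255.255.255.255
acl FILTER_INTERNET src 0.0.0.0/0.0.0.0
# Source address Squid uses for outgoing connections, per ACL
tcp_outgoing_address 192.168.1.3 DIRECT_INTERNET
tcp_outgoing_address 192.168.1.4 FILTER_INTERNET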

So my only assumption here is that tcp_outgoing_address is based on the order in which the rules are listed; if it is, then this should work great, as I only have to add user IPs to the DIRECT_INTERNET acl. I’m also guessing that I should be able to add LDAP groups to the DIRECT_INTERNET acl and take this a step forward: let’s say members of the DIRECT_INTERNET group will have full access while others will be filtered. Unfortunately this only works with IP-based ACLs and not LDAP as I had hoped for.

The most important part of this is everyone can go through the same proxy and I can use the Squid logs to report on the traffic.

Here is another resource to read for more technical info:

http://squid.sourceforge.net/tosaddracl/example.html

Stay tuned for more posts on Squid Authentication

Update: I have not been able to get the outgoing IP to work with group-based ACLs. It seems to work fine with IP-based ACLs, and from the sample configs I’ve seen, it may also work with time-based ACLs.
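An added example, not from the original post or the Squid project: a small Python model of how ordered tcp_outgoing_address lines resolve for a given client IP, which helps audit which clients end up on the unfiltered address. It assumes the first fully matching line wins (as the Squid documentation for this directive states), understands only `src` ACLs, and uses hypothetical helper names (`parse`, `outgoing_for`, `shadowed`).

```python
import ipaddress

# Constructed sample: the post's four lines, with the "src" ACL type.
SAMPLE_CONF = """\
acl DIRECT_INTERNET src 192.168.1.50/255.255.255.255
acl FILTER_INTERNET src 0.0.0.0/0.0.0.0
tcp_outgoing_address 192.168.1.3 DIRECT_INTERNET
tcp_outgoing_address 192.168.1.4 FILTER_INTERNET
"""

def parse(conf):
    """Return (acls, rules) from squid.conf text; only 'acl NAME src' and
    'tcp_outgoing_address' lines are understood, everything else is skipped."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 2 and tok[0] == "tcp_outgoing_address":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def outgoing_for(client, acls, rules):
    """First rule whose ACLs all match the client wins (a leading '!' negates).
    Raises KeyError for an ACL name this model did not parse (e.g. non-src)."""
    ip = ipaddress.ip_address(client)
    for addr, names in rules:
        for name in names:
            hit = any(ip in net for net in acls[name.lstrip("!")])
            if hit == name.startswith("!"):
                break  # this ACL failed, so the whole rule does not apply
        else:
            return addr
    return None  # no rule matched: the OS picks the source address

def shadowed(acls, rules, probes):
    """Outgoing addresses that none of the probe clients ever reaches."""
    used = {outgoing_for(p, acls, rules) for p in probes}
    return [addr for addr, _ in rules if addr not in used]
```

Listing the catch-all FILTER_INTERNET line first would send every client out on 192.168.1.4, and `shadowed` would report 192.168.1.3 as unreachable.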

About Paul Cardelli, CISSP
Cyber Security Analyst, and computer guru
