I am trying to use Squid and bind 2 outgoing IPs separately to 2 users.
The ideal result would be that I can access the following:
xxx.xxx.xxx.14:3128:user1:user1password
xxx.xxx.xxx.18:3128:user2:user2password
But not:
xxx.xxx.xxx.14:3128:user2:user2password
xxx.xxx.xxx.18:3128:user1:user1password
I found a similar question and used a similar squid.conf:
Here is my config:
acl http proto http
acl port_80 port 80
acl port_443 port 443
acl CONNECT method CONNECT
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
acl ncsa_users proxy_auth REQUIRED
external_acl_type userIp %SRC %LOGIN /usr/lib64/squid/ext_file_userip_acl -f /etc/squid/userIp.conf
acl userIp external userIp
http_access deny !ncsa_users
http_access allow userIp
http_access deny all
http_port 3128
acl ip1 myip xxx.xxx.xxx.14
tcp_outgoing_address xxx.xxx.xxx.14 ip1
acl ip2 myip xxx.xxx.xxx.18
tcp_outgoing_address xxx.xxx.xxx.18 ip2
And in my userIp.conf I have:
xxx.xxx.xxx.14 user1
xxx.xxx.xxx.18 user2
And in my /etc/squid/passwords I have the following created by htpasswd:
user1:encrypted password
user2:encrypted password
The problem is: if I delete 'http_access deny !ncsa_users', then user1 can access both xxx.xxx.xxx.14 and xxx.xxx.xxx.18. Same with user2.
But if I keep 'http_access deny !ncsa_users' as it is, then all connections fail.
I feel 'http_access allow userIp' doesn't work as intended.
I can't find a similar problem on the web... I hope someone can help me.
OK, I figured it out now.
The %SRC %LOGIN pair specifies the source address of the user's own PC, which is actually not what I want.
What I want is actually the %MYADDR %LOGIN pair, which specifies the IPs each user is allowed to connect to.
So yeah, that's the problem.
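The difference between the two format-code pairs, as an added example that is not part of the original post and not Squid's own code: a simplified model of the address/user lookup, assuming exact-match entries only. The 192.0.2.x and 198.51.100.7 addresses are constructed stand-ins for the masked IPs, and the function names are hypothetical.

```python
# Simplified model (an assumption, not Squid's code) of how the external ACL
# helper input is built from format codes and checked against userIp.conf.
# All addresses are constructed documentation-range stand-ins.

USER_IP_CONF = """\
192.0.2.14 user1
192.0.2.18 user2
"""

def load_rules(text):
    """Parse 'address user' lines into a set of (address, user) pairs."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addr, user = line.split()
            rules.add((addr, user))
    return rules

def helper_input(fmt, request):
    """Substitute format codes in the order the external_acl_type line lists them."""
    values = {"%SRC": request["client_ip"],     # address of the user's own machine
              "%MYADDR": request["proxy_ip"],   # proxy address the user connected to
              "%LOGIN": request["login"]}       # authenticated user name
    return tuple(values[code] for code in fmt.split())

def decide(fmt, request, rules):
    """Return 'OK' when the (address, login) pair sent to the helper is listed."""
    return "OK" if helper_input(fmt, request) in rules else "ERR"

def access_matrix(fmt, client_ip="198.51.100.7"):
    """Verdict for every proxy-address/user combination from one client."""
    rules = load_rules(USER_IP_CONF)
    matrix = {}
    for proxy_ip in ("192.0.2.14", "192.0.2.18"):
        for login in ("user1", "user2"):
            req = {"client_ip": client_ip, "proxy_ip": proxy_ip, "login": login}
            matrix[(proxy_ip, login)] = decide(fmt, req, rules)
    return matrix

if __name__ == "__main__":
    for fmt in ("%SRC %LOGIN", "%MYADDR %LOGIN"):
        print(fmt)
        for key, verdict in access_matrix(fmt).items():
            print("  ", key, verdict)
```

With `%SRC` the lookup key is the client's address, so no listed pair ever matches; with `%MYADDR` only the intended user/address combinations return OK.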