On 4/23/21 9:28 PM, Andy Frad wrote: > I would like to know if there is a way to whitelist a users src address > and tie it to a specific outgoing ip? The two parts of the question are completely unrelated AFAICT. Since you already know how to allow traffic, I will focus on the second part. > I'd like to ... make it so a persons src ip can > only get access to a specific ip bound to the server. To tell Squid to use local source IP address X for Squid-server transactions matching a specialTransaction ACL, consider using tcp_outgoing_address X specialTransaction Your call how to define the specialTransaction ACL (e.g. it could be a src ACL). IIRC, tcp_outgoing_address supports fast ACLs only. Please note that if the transaction is going to an IPv6 address but your X address is an IPv4 address, then Squid will _ignore_ the "tcp_outgoing_address X" rule(s) for that transaction. Whether that is a good thing depends on your (unstated) requirements. If needed, you can, of course, have two rules for each specialTransaction, one for IPv6 and one for IPv4 addresses. You cannot block outgoing traffic using tcp_outgoing_address. Please see tcp_outgoing_address documentation for caveats. Some of them sound odd to me so I recommend testing before jumping to conclusions. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
