This is a small HOWTO about doing source routing with Squid and Linux. With Squid you can specify the outgoing IP address using ACLs. That means you can select the outgoing IP using the information inside HTTP messages, something that you can’t do with a firewall. The syntax is simple:


acl somedomain dstdomain somedomain.com
tcp_outgoing_address 1.2.3.4 somedomain

Those two lines say: “If the request is asking for somedomain.com, go out to the world using IP 1.2.3.4”.

Now the Linux part. If you have more than one public IP address and you want the Squid configuration to work, you need some iproute lines.


ip rule add table 10 from 1.2.3.4
ip route add table 10 default via GW

And those two lines say: “If the source IP of the packet is 1.2.3.4, go via GW”.

Source routing with Linux is simple. What you do is create a new table. This table will be used by the packets that match the criteria specified in “ip rule”. The “default table” is the table main; everything goes there if there is no rule. It is the table that you see with “ip route” or “route -n” (please, don’t use the last command anymore).
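Both halves put together for more than one outgoing address, as an added example that is not part of the original post. It prints the squid.conf lines and the matching ip commands from one mapping list and refuses table numbers the kernel reserves; the second domain, both gateway addresses, table 20 and the 192.0.2.1 test destination are constructed placeholders.

```shell
#!/bin/sh
# Added example: one mapping list drives both the Squid ACLs and the ip rules.
# Fields per line: ACL name, destination domain, outgoing IP, gateway, table.
# All values are constructed; replace them with your own addresses.
MAPPINGS='somedomain somedomain.com 1.2.3.4 1.2.3.1 10
otherdomain otherdomain.com 5.6.7.8 5.6.7.1 20'

# A usable table number is numeric and not one the kernel already uses:
# 0 (unspec), 253 (default), 254 (main), 255 (local).
valid_table() {
    case "$1" in
        ''|*[!0-9]*|0|253|254|255) return 1 ;;
    esac
    return 0
}

# Print the squid.conf lines: one ACL and one outgoing address per mapping.
squid_lines() {
    while read -r acl domain src gw table; do
        [ -n "$acl" ] || continue
        printf 'acl %s dstdomain %s\n' "$acl" "$domain"
        printf 'tcp_outgoing_address %s %s\n' "$src" "$acl"
    done <<EOF
$1
EOF
}

# Print the ip commands: one rule and one default route per outgoing IP,
# plus a lookup to run on the Squid host to confirm which gateway is chosen.
# Fails if a table number is reserved or used by two mappings.
route_lines() {
    seen=' '
    while read -r acl domain src gw table; do
        [ -n "$acl" ] || continue
        valid_table "$table" || { echo "bad table: $table" >&2; return 1; }
        case "$seen" in
            *" $table "*) echo "table $table used twice" >&2; return 1 ;;
        esac
        seen="$seen$table "
        printf 'ip rule add table %s from %s\n' "$table" "$src"
        printf 'ip route add table %s default via %s\n' "$table" "$gw"
        printf 'ip route get 192.0.2.1 from %s\n' "$src"
    done <<EOF
$1
EOF
}

squid_lines "$MAPPINGS"
route_lines "$MAPPINGS"
```

The output is only printed, nothing is applied; the ip lines need root, and each `ip route get` line should report the gateway of its own table once the rules are in place.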

 


© 2012 DiegoWoitasen