May 21, 2019

2 min

For some acceptance tests it can be very handy to test webapplications from a couple of SRC IP addresses. There are multiple ways to do it but I wanted to use a simple linux box at home that can be connected to a LAN and a WIFI with separate internet connections. The setup would work for most laptops and raspberry pi’s especially when combined with a hotspot from a smart phone. Furthermore it’s very easy to add an extra TCP port forward so the proxy itself is reachable/exposed over the internet.

The resulting proxy is actively in use by the guys from https://www.leadexpress.nl

Situation

The proxy should work for all clients that can reach the proxy server at 192.168.20.10:5001 or 192.168.30.10:5002

Ubuntu 18.04 + squid installed

Configuring squid

Squid’s default config has all the documentation in it, comment style. Perfect, but also very clumsy and large. For now it left it as is, but when I switch to an Ansible powered solution I will rewrite the config to be as clean as possible.

Change 1

Enable the proxy on a couple of ports. Search for the “http_access deny all”

Note: It could be necessary to explicitly force stuff to ipv4 to avoid weird networking stuff, more info: squid_dns_v4_first.

Change 2

Enable the proxy on a couple of ports. Search for the “http_port 3128” and replace it with:

Note: with this setup I only listen on one of the interfaces for incoming proxy requests. You don’t need to add the IP address at all if you want to listen on all interfaces. It depends on how you want to reach the proxy itself: you could also use the username or src ip address of the client to determine which of the incoming connections belong together.

Change 3

As we don’t use squid as a cache at all you can tweak some other stuff.

Search for

And replace it with

Test networking setup with CURL

In almost all linux setups with DHCP just one standard gateway will be used for internet access. You’ll have to manually configure additional gateways if you want to use them.

On my box the LAN card: ens1f2 is used to reach the standard gateway, and wlp3s0 is my WIFI NIC. While ens1f2 is up the wifi card’s gateway isn’t used. Some network-manager daemon normally deals with network changes, which we now want to configure manually.

You can test, which gateway is used by issuesing an outgoing HTTP request with curl:

It will output the outgoing IP address in JSON format. If your box uses one gateway both will come from the same IP.

Setup routing

So I appended my 2 network cards to the iproute2 config, to add some routes on my own.

Then I manually added info to the routes table to ensure that traffic from wlp3s0 would be routed over the correct gateway

Now the curl tests should return the correct outside address for boths tests! Please verify this before debugging squid config. I lost a couple of hours before I realised that I needed some routing, blaming the error to something in the squid config.