I need some sort of proxy software (similar to Squid) that will work on Linux and allow me to create proxies listening on multiple ports. The proxies need to forward web requests to another external proxy (that requires authentication).

The issue with Squid is that it has a max port limit of 128, and I'm looking to use 500+ ports on the server.

A connection to the proxies will look like this:

Client --> proxy1 (port 1000) --> external proxy 1 --> website

Client --> proxy2 (port 1001) --> external proxy 2 --> website

Any help would be greatly appreciated.

George C.

1 Answer

What you need is somewhat similar to my answer on an older question. I have implemented software which needed both to receive connections on all ports and initiate connections from many different IPs. Those are two different requirements, but it turns out they can be achieved in very similar ways.

In order to receive connections for many port numbers on a single socket you need to use the IP_TRANSPARENT option on the socket and TPROXY in iptables.

According to https://wiki.squid-cache.org/Features/Tproxy4 this is supported in Squid 3.1 or later.

The iptables configuration will need to be a bit different in your case. You are going to need an entry looking roughly like this in the mangle table:

```
-A PREROUTING -d 192.0.2.42 -p tcp -m tcp --dport 80:65535 -j TPROXY --on-port 3129
```

You will need to adjust IP address and port numbers to match your requirements.

kasperd
  • The only thing is, I need to make each connection to a different port be a completely independent proxy connection. So when a user connects to port 1000 I then redirect them to a specific external proxy that is completely different to every other proxy. Is there a way to handle this at all with your solution? – George C. Nov 02 '18 at 11:22
  • @GeorgeC. I don't know enough about Squid to say whether it can do that or not. The server receiving connections which have been redirected to a different port with `TPROXY` can learn the original destination port by using the `getsockname` system call. But I don't know if Squid does that. – kasperd Nov 02 '18 at 13:07
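
Added example (not part of the answer or comments above, and not Squid's code): a Python listener for the `--on-port 3129` target that sets `IP_TRANSPARENT`, reads the original destination port with `getsockname`, and picks one upstream per port, refusing ports that have no mapping. The `UPSTREAMS` table and its hostnames are constructed placeholders, and creating the listener is assumed to run with CAP_NET_ADMIN.

```python
import socket

# Linux value of IP_TRANSPARENT, for Python builds that do not export it.
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)

# Constructed sample table: port the client dialled -> upstream proxy.
# Hostnames are placeholders, not taken from the original post.
UPSTREAMS = {
    1000: ("proxy1.example.net", 8080),
    1001: ("proxy2.example.net", 8080),
}


def make_tproxy_listener(port=3129):
    """Socket for the TPROXY --on-port target; needs CAP_NET_ADMIN."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)
    s.bind(("0.0.0.0", port))
    s.listen(128)
    return s


def original_dst_port(conn):
    """Under TPROXY the accepted socket's local address is the address the
    client dialled, so getsockname() yields the original port, not 3129."""
    return conn.getsockname()[1]


def upstream_for(conn, table=UPSTREAMS):
    """Upstream for this connection, or None when the port is unmapped."""
    return table.get(original_dst_port(conn))


def dispatch(listener, table=UPSTREAMS):
    """Yield (conn, upstream) per accepted connection on a mapped port."""
    while True:
        conn, _peer = listener.accept()
        upstream = upstream_for(conn, table)
        if upstream is None:
            conn.close()  # the rule spans 80:65535; refuse unmapped ports
            continue
        yield conn, upstream


if __name__ == "__main__":
    for conn, upstream in dispatch(make_tproxy_listener()):
        print(conn.getpeername(), "->", upstream)
        conn.close()
```

Each yielded connection would then be relayed to its upstream, with that upstream's credentials attached on the outbound side only.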