squid proxy refuses to connect remote server through ssh
I am running RHEL3.
I have set up the Squid proxy for internet connection.
I am able to browse the web successfully.
But I am unable to connect to the remote server using SSH, and can't even ping any public IP from my Windows client machine.
And I am able to connect to LAN servers using SSH.
My squid.conf:
-------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
-----
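Added example, not part of the original thread: Squid checks `http_access` lines top-down and the first matching line decides, so in the configuration above `http_access allow all` is reached before `deny CONNECT !SSL_ports` ever is. The sketch below evaluates the posted rule order and a reordered set against a sample request; the `lan` ACL, its 192.168.0.0/24 range and the sample request are assumptions, and only the ACL types used here are modelled.

```python
import ipaddress
# ACL definitions from the posted squid.conf; "lan" is a hypothetical addition.
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl lan src 192.168.0.0/255.255.255.0
"""
# http_access lines in the order they were posted.
POSTED = ACLS + """
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny all
"""
# Same rules with the broad allow narrowed to "lan" and moved below the denies.
REORDERED = ACLS + """
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow lan
http_access deny all
"""
TUNNEL = {"src": "192.168.0.10", "method": "CONNECT", "port": 22, "proto": "http"}  # constructed

def parse(conf):
    acls, rules = {}, []
    for fields in (line.split() for line in conf.splitlines()):
        if fields[:1] == ["acl"]:
            acls[fields[1]] = (fields[2], fields[3:])
        elif fields[:1] == ["http_access"]:
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(acl, req):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    return str(req[kind]) in values  # port, method, proto compare as strings

def decide(conf, req):  # -> (action, number of the first line whose ACLs all match)
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action, number
    return ("deny" if rules[-1][0] == "allow" else "allow"), None  # Squid inverts the last rule
```

`decide(POSTED, TUNNEL)` is decided by line 1, which also admits any source address; with `REORDERED` the same request stops at the `deny CONNECT !SSL_ports` line.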
Can you define the problem you're having more effectively? Are you trying to SSH to a server *through* Squid? That's not possible (well, you can tunnel SSH over port 80, but that doesn't appear to be what you're asking for). Squid certainly isn't there to permit you to ping a remote box, only get web content from it.
Yes.
You are correct, Squid only serves web content.
I have another machine set up running a Squid proxy. Using that proxy machine I am able to browse the web and SSH to my remote server, just like having a direct internet connection set up on the Windows machine.
But I am able to ping and SSH to the remote server from the problem box's terminal,
not using that box as proxy on my Windows client.
Even though I have stopped the firewall on that box, it's not working.
If the problem is not with Squid and iptables, then where does the problem start from?
I have been trying to fix this since last week.
Well, to route *through* a box you need to enable routing / IP forwarding on it, which has absolutely nothing whatsoever to do with Squid. Is this box your default gateway already? If so, "echo 1 > /proc/sys/net/ipv4/ip_forward" would be the first step on the path.
[root@STserver root]# traceroute yahoo.com
traceroute: Warning: yahoo.com has multiple addresses; using 216.109.112.135
traceroute to yahoo.com (216.109.112.135), 30 hops max, 38 byte packets
1 ABTS-TN-Static-001.0.165.122.airtelbroadband.in (122.165.0.1) 9.864 ms * 21.102 ms
2 ras-Chn-165.227.95.61.airtelbroadband.in (61.95.227.165) 8.851 ms 15.698 ms 10.096 ms
3 61.95.240.129 (61.95.240.129) 23.160 ms 9.084 ms 10.175 ms
4 125.21.167.25 (125.21.167.25) 10.756 ms 9.373 ms 19.675 ms
5 203.208.192.165 (203.208.192.165) 189.755 ms 188.701 ms 250.294 ms
6 xe-1-0-0-0.sngtp-cr1.ix.singtel.com (203.208.183.61) 189.468 ms 194.324 ms 371.032 ms
7 so-7-0-0-0.plapx-cr2.ix.singtel.com (203.208.149.182) 261.884 ms 271.470 ms 264.094 ms
8 ge-2-1-0-0.plapx-dr2.ix.singtel.com (203.208.168.110) 258.458 ms ge-1-0-1-0.plapx-dr2.ix.singtel.com (203.208.171.126) 278.289 ms ge-2-1-0-0.plapx-dr2.ix.singtel.com (203.208.168.110) 324.912 ms
9 203.208.186.10 (203.208.186.10) 249.287 ms 203.208.145.162 (203.208.145.162) 248.584 ms 203.208.186.10 (203.208.186.10) 248.558 ms
10 so-1-0-0.pat1.dax.yahoo.com (216.115.101.133) 283.068 ms so-1-1-0.pat2.dce.yahoo.com (216.115.101.131) 424.000 ms so-1-0-0.pat1.dax.yahoo.com (216.115.101.133) 283.022 ms
MPLS Label=232144 CoS=1 TTL=1 S=0
11 so-4-1-0.pat1.dce.yahoo.com (216.115.101.144) 337.773 ms ge-0-1-0-p190.pat1.dcp.yahoo.com (216.115.108.37) 303.999 ms 305.497 ms
12 ge-0-1-0-p180.pat1.dcp.yahoo.com (216.115.108.33) 338.755 ms ge-1-0-0-p130.msr2.dcn.yahoo.com (216.115.108.53) 313.099 ms ge-0-1-0-p180.pat1.dcp.yahoo.com (216.115.108.33) 341.907 ms
13 ge-1-0-0-p120.msr1.dcn.yahoo.com (216.115.108.49) 326.233 ms ge9-3.bas1-m.dcn.yahoo.com (216.109.120.219) 341.200 ms ge9-3.bas2-m.dcn.yahoo.com (216.109.120.155) 391.070 ms
14 * ge7-2.bas2-m.dcn.yahoo.com (216.109.120.197) 337.785 ms ge7-1.bas2-m.dcn.yahoo.com (216.109.120.207) 341.198 ms
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
and
[root@STserver root]# traceroute google.com
traceroute: Warning: google.com has multiple addresses; using 64.233.187.99
traceroute to google.com (64.233.187.99), 30 hops max, 38 byte packets
1 ABTS-TN-Static-001.0.165.122.airtelbroadband.in (122.165.0.1) 11.419 ms 13.980 ms 14.755 ms
2 ras-Chn-165.227.95.61.airtelbroadband.in (61.95.227.165) 9.078 ms 9.990 ms 9.653 ms
3 61.95.240.129 (61.95.240.129) 9.265 ms 9.071 ms 9.107 ms
4 125.21.167.25 (125.21.167.25) 8.834 ms 10.063 ms 8.848 ms
5 203.208.192.165 (203.208.192.165) 188.725 ms 189.581 ms 198.800 ms
6 203.208.169.34 (203.208.169.34) 81.018 ms * 73.906 ms
7 209.85.254.168 (209.85.254.168) 42.093 ms 42.327 ms 42.157 ms
8 209.85.254.215 (209.85.254.215) 123.487 ms 120.961 ms 118.252 ms
9 209.85.250.105 (209.85.250.105) 120.989 ms 121.677 ms 121.708 ms
MPLS Label=544755 CoS=1 TTL=1 S=0
10 * * *
11 216.239.47.237 (216.239.47.237) 250.336 ms 250.085 ms 241.710 ms
MPLS Label=525678 CoS=1 TTL=1 S=0
12 72.14.233.53 (72.14.233.53) 240.214 ms 244.138 ms 242.773 ms
MPLS Label=720900 CoS=1 TTL=1 S=0
13 209.85.130.56 (209.85.130.56) 283.995 ms 359.440 ms *
14 72.14.236.15 (72.14.236.15) 281.755 ms 281.353 ms 276.923 ms
15 216.239.49.222 (216.239.49.222) 276.452 ms 270.732 ms 271.515 ms
16 jc-in-f99.google.com (64.233.187.99) 274.981 ms 273.144 ms 271.748 ms
Inside the Linux box:
1. Able to browse the web.
2. Able to SSH and ping the remote server as well as the LAN.
Using the Linux box as proxy on my Windows client:
1. Able to browse the web.
2. Unable to SSH and ping the remote server.
3. Able to SSH and ping the other Linux boxes on the LAN.