LinuxQuestions.org
Old 01-13-2005, 02:26 PM   #1
psydoc
LQ Newbie
 
Registered: Jan 2005
Location: US/Panama
Posts: 4

Rep: Reputation: 0
Howto ? Set-up Gateway proxy on my servers?


Hi,

I'm a newbie to this forum and to gateway proxies. My question is:

I need to provide a gateway that will allow clients from around the world to connect to one of my secure servers, then browse the Internet anonymously.

I have servers in the USA that I could chain with servers I have in Panama and St. Vincent.

My clients need to have all personally identifying information shielded from view.

I know that I can set-up a proxy, but don't know how to make sure everything else, such as passing only the last gateway server's IP to web sites is accomplished.

Can anyone help me by giving me instruction or guidance to software that may do this for me?

My servers are set-up as virtual private servers, so I am looking for something that is not root user.

Any help is greatly appreciated!

Thanks,
Psydoc
 
Old 01-13-2005, 05:53 PM   #2
adamwenner
Member
 
Registered: Aug 2003
Distribution: windows xp home, windows 98, red hat 9, fedora core 3, redhat enterprise linux, win2000 pro/server
Posts: 217

Rep: Reputation: 32
if you just have all the clients connect to one central proxy server, then tell all your clients to surf through the proxy, it should hide a lot of information about the people

if you're looking for something that will connect your different sites to one proxy, you might have to look into VPN products that companies like cisco produce

so basically, set up one linux box, have the people VPN in, and use that linux box as a proxy server with squid, which squid is easy enough to start

/etc/init.d/squid start

squid runs fine with default config, and commonly runs on port 3128 or 8080

--adam
 
Old 01-13-2005, 06:35 PM   #3
psydoc
LQ Newbie
 
Registered: Jan 2005
Location: US/Panama
Posts: 4

Original Poster
Rep: Reputation: 0
Howto ? Set-up Gateway proxy on my servers?

Hi Adam,

Thanks for the reply!

What I want is to let members of my site connect to my server using an encrypted connection, i.e., https://my-server.net, and from there browse anywhere they want. Most of them will only be using it to go to sites that we recommend for investments.

The real tricky part is that many of them come from countries that are not exactly free (I say this as though any of us are really free from governmental oppression of some sort), and so their ISP isn't able to track them to anything that can be used against them. All their ISP will see is an encrypted connection to our site.

Does squid provide for all this anonymity?

And, if I could impose on you further to tell me how to acquire squid and install it, I will be very grateful!

Thanks,
Keith
 
Old 01-13-2005, 07:36 PM   #4
adamwenner
Member
 
Registered: Aug 2003
Distribution: windows xp home, windows 98, red hat 9, fedora core 3, redhat enterprise linux, win2000 pro/server
Posts: 217

Rep: Reputation: 32
i believe squid has authentication, but is set up in the browser, there is no way (i am aware of) that will allow someone to type in their browser "https://my-server" and be able to then browse to other places on the net unless you put VNC on this computer, then they will control another computer in a "free" country

for instance, i have a linux box in my house, if all these users have "vnc viewer" on their machines, they can open a connection to my ip address on a certain port and then be able to control my computer remotely as if they were sitting in front of it

this may be your best option if you only have 5-10 people in "not free" countries


now squid is a little different, connections coming out of your "not free" computers will say the URL they are connecting to, but will actually connect to your server, this may cause the government to be able to protect the connection


AHA!! better option

all right, i got what I would see as the best option i can think of

have each user (running linux) open up an SSH connection with your free country server, and have it set up to "tunnel" connections, making it invisible to the local governments

if using linux, install squid from http://www.squid-cache.org/, RPM is the easiest way to do it

now, start it using the command i said earlier

and then get your "not free" machines to tunnel a connection to your server, if they are using linux, open a terminal and type in
ssh username@my-server.com -L 3128:localhost:3128
windows users can use putty and go to the "tunnels" tab and type in
Source port: 3128
Destination: localhost:3128

now in the users browsers, put in this for the proxy information
proxy: localhost
port: 3128

(change the port to whatever you tell squid to run on, defaults are either 3128 or 8080 or 80)

it should then forward connections through the SSH tunnel to your remote proxy machine, and the local government will only see an encrypted connection on port 22, nothing more

lemme know if you need any further clarification, cause i might have started rambling
--adam

Last edited by adamwenner; 01-13-2005 at 07:38 PM.
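
A check for the squid side of the tunnel setup in the post above, added here as an example and not part of the thread. With clients arriving through `ssh -L 3128:localhost:3128`, squid only needs to listen on loopback, and the `forwarded_for` and `via` directives control the X-Forwarded-For and Via headers it adds to outgoing requests. The function name and both sample configs are constructed for illustration; it assumes sshd and squid run on the same host.

```shell
#!/bin/sh
# Added example: audit a squid.conf (on stdin) for the tunnel-only setup.
# Prints one line per finding; exit status is the number of findings.
audit_squid_conf() {
    findings=$(awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        $1 == "http_port" {
            seen_port = 1
            # Clients arrive via "ssh -L 3128:localhost:3128", so squid
            # only needs to listen on the loopback address.
            if ($2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):[0-9]+$/)
                print "http_port " $2 " is not bound to loopback"
        }
        $1 == "forwarded_for" { fwd = $2 }
        $1 == "via"           { via = $2 }
        END {
            if (!seen_port) print "no http_port line found"
            if (fwd != "off" && fwd != "delete")
                print "forwarded_for is not off/delete (X-Forwarded-For is sent)"
            if (via != "off")
                print "via is not off (Via header names the proxy)"
        }')
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return $(( $(printf "%s\n" "$findings" | wc -l) ))
}

# Constructed sample: a config that only sets the port.
sample_weak() {
    cat <<'EOF'
http_port 3128
EOF
}

# Constructed sample: proxy reachable only through the SSH tunnel.
sample_tunnel_only() {
    cat <<'EOF'
# listen on loopback; do not add client or proxy identity headers
http_port 127.0.0.1:3128
forwarded_for off
via off
EOF
}

sample_weak | audit_squid_conf || echo "weak sample: $? finding(s)"
sample_tunnel_only | audit_squid_conf && echo "tunnel-only sample: clean"
```

To audit a real file, feed it on stdin, for example `audit_squid_conf < /path/to/squid.conf` (the path is a placeholder).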
 
Old 01-13-2005, 10:46 PM   #5
psydoc
LQ Newbie
 
Registered: Jan 2005
Location: US/Panama
Posts: 4

Original Poster
Rep: Reputation: 0
Hi adam,

Don't worry about rambling. I've posted a few dissertations in my life, too!

I think I see how your suggestion would work, but can't their local ISP (usually their not so friendly or free government) intercept the pages that are served through to their computer?

I have a linux server in Panama, a couple in St. Vincent and several in the US. All are running redhat 7.3.

Couldn't nice person from not free machine use an encrypted connection to one in, say Panama; be relayed to another, and then to another that contains a remote browser? The last machine IP would be what is served to the server from which they request information, so there is no location of not free machine. The original https connection would serve pages to not free machine, and ISP would not be able to understand the information.

As I said in my original post, I'm a newbie. I can handle writing simple PHP and PERL scripts, but when we get to command line, I'm a little thick.

I really appreciate your taking so much of your time to answer my questions.

Problem is, I am a business man, not a qualified IT guy.

Thanks,
Keith
 
Old 01-13-2005, 10:55 PM   #6
adamwenner
Member
 
Registered: Aug 2003
Distribution: windows xp home, windows 98, red hat 9, fedora core 3, redhat enterprise linux, win2000 pro/server
Posts: 217

Rep: Reputation: 32
well, with this SSH tunneling, the local government won't see anything except an SSH session, they won't see webpages being served through the SSH tunnel

--adam
 
Old 01-14-2005, 11:15 AM   #7
psydoc
LQ Newbie
 
Registered: Jan 2005
Location: US/Panama
Posts: 4

Original Poster
Rep: Reputation: 0
Hi adam,

Thanks, as I said, I'm a newbie to linux; however, I didn't make the connection in my little brain about the SSH connection.

I have printed your suggestions, and will be away for a while, trying to implement everything.

I'll let you know how I make out.

Thanks again, for everything.

Keith
 
Old 01-14-2005, 11:40 AM   #8
adamwenner
Member
 
Registered: Aug 2003
Distribution: windows xp home, windows 98, red hat 9, fedora core 3, redhat enterprise linux, win2000 pro/server
Posts: 217

Rep: Reputation: 32
no problem

let me know if you have any problems, I'll be happy to help, just fire me off an email, my address is in my LQ profile

--adam
 
  


All times are GMT -5.