Squid- how to connect to a squid proxy server from an external network (different ip address)

BaronBa3ba3 · 07-13-2021, 09:50 PM

Hey guys,

I've been playing around with Squid on Ubuntu 20.04.02

I've set it up to where I am able to connect through locally, but a want to be able to use when I am not at my home.

My biggest struggle is determining the proxy server's address I have to insert on the device on the other network that is trying to connect to the proxy. Is it the same as the public IP address of the network on which my proxy is connected ? because that does not seem to be working.

Warning : you're talking to a newbie.

Thanks

Here is a look of my squid.conf file :

Code:

acl all src all

acl external src XXX.XXX.XXX.XXX (the ip of the external network I want to use to access to proxy)

acl localnet src 0.0.0.1-0.255.255.255    # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8        # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10        # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16     # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12        # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16        # RFC 1918 local private network (LAN)
acl localnet src fc00::/7           # RFC 4193 local private network range
acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines


acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT



http_access allow external
http_access allow localnet
http_access allow localhost
http_access allow all


# And finally deny all other access to this proxy
http_access allow all

TenTenths · 07-14-2021, 05:57 AM

At a minimum you will have to allow the inbound Squid traffic on your router and send it to the server running the Squid instance. Your "external" may be the public IP, or the local internal address of your router, or may have to be the public IP of the hosts(s) you wish to allow, depending on how you configure your firewall rules to pass the traffic.

Opening a Squid proxy externally should be done very, VERY carefully and needs to be restricted in some way to authorized / authenticated users, not just any random port-scanning kiddy-skripterz

jmgibson1981 · 07-14-2021, 06:25 AM

Can you just give yourself a vpn into your home network then run the whole home network through the proxy? Seems like it would be an easier goal than targeting the proxy directly. Either way you need a static ip.

It also could "not be working" because a typical home internet connection has all ports blocked. They don't usually want people running servers from home. Is why "business" class connections are available. Is how it is here in the states anyway.

Quote:

Opening a Squid proxy externally should be done very, VERY carefully and needs to be restricted in some way to authorized / authenticated users, not just any random port-scanning kiddy-skripterz

This. If someone else manages to access the proxy you may end up with material in the proxy that can send you to prison.

TenTenths · 07-14-2021, 07:01 AM

Quote:

Originally Posted by jmgibson1981

Either way you need a static ip.

Not strictly true, my edge router has onboard dynamic DNS client that detects ip address changes and updates accordingly, although it looks like I've had a static IP address for years on my home provider!

BaronBa3ba3 · 07-14-2021, 07:11 AM

Thank you for the advice.

I will definitely add security (authentication + ip restriction) once I get it to work.

So If I understand correctly my squid configuration is ok. I have to work on my router, to direct its traffic toward my proxy?

TenTenths · 07-14-2021, 07:16 AM

Quote:

Originally Posted by BaronBa3ba3

So If I understand correctly my squid configuration is ok. I have to work on my router, to direct its traffic toward my proxy?

I'm no squid wizard, so can't comment on your config file, I'm just pointing out what's required to get an internal service accessible from the outside.