
psydoc 01-13-2005 02:26 PM

Howto ? Set-up Gateway proxy on my servers?

I'm a newbie to this forum and to gateway proxies. My question is:

I need to provide a gateway that will allow clients from around the world to connect to one of my secure servers, then browse the Internet anonymously.

I have servers in the USA that I could chain with servers I have in Panama and St. Vincent.

My clients need to have all personally identifying information shielded from view.

I know that I can set-up a proxy, but don't know how to make sure everything else, such as passing only the last gateway server's IP to web sites is accomplished.

Can anyone help me by giving me instruction or guidance to software that may do this for me?

My servers are set-up as virtual private servers, so I am looking for something that is not root user.

Any help is greatly appreciated!


adamwenner 01-13-2005 05:53 PM

if you just have all the clients connect to one central proxy server, then tell all your clients to surf through the proxy, it should hide a lot of information about the people

if you're looking for something that will connect your different sites to one proxy, you might have to look into VPN products that companies like Cisco produce

so basically, set up one linux box, have the people VPN in, and use that linux box as a proxy server with squid, which is easy enough to start

/etc/init.d/squid start

squid runs fine with default config, and commonly runs on port 3128 or 8080


psydoc 01-13-2005 06:35 PM

Hi Adam,

Thanks for the reply!

What I want is to let members of my site connect to my server using an encrypted connection, i.e.,, and from there browse anywhere they want. Most of them will only be using it to go to sites that we recommend for investments.

The real tricky part is that many of them come from countries that are not exactly free (I say this as though any of us are really free from governmental oppression of some sort), and so their ISP isn't able to track them to anything that can be used against them. All their ISP will see is an encrypted connection to our site.

Does squid provide for all this anonymity?

And, if I could impose on you further to tell me how to acquire squid and install it, I will be very grateful!


adamwenner 01-13-2005 07:36 PM

i believe squid has authentication, but is set up in the browser, there is no way (i am aware of) that will allow someone to type in their browser "https://my-server" and be able to then browse to other places on the net unless you put VNC on this computer, then they will control another computer in a "free" country

for instance, i have a linux box in my house, if all these users have "vnc viewer" on their machines, they can open a connection to my ip address on a certain port and then be able to control my computer remotely as if they were sitting in front of it

this may be your best option if you only have 5-10 people in "not free" countries

now squid is a little different, connections coming out of your "not free" computers will say the URL they are connecting to, but will actually connect to your server, this may cause the government to be able to protect the connection

AHA!! better option

all right, i got what I would see as the best option i can think of

have each user (running linux) open up an SSH connection with your free country server, and have it set up to "tunnel" connections, making it invisible to the local governments

if using linux, install squid from, RPM is the easiest way to do it

now, start it using the command i said earlier

and then get your "not free" machines to tunnel a connection to your server, if they are using linux, open a terminal and type in
ssh -L 3128:localhost:3128
windows users can use putty and go to the "tunnels" tab and type in
Source port: 3128
Destination: localhost:3128

now in the users browsers, put in this for the proxy information
proxy: localhost
port: 3128

(change the port to whatever you tell squid to run on, defaults are either 3128 or 8080 or 80)

it should then forward connections through the SSH tunnel to your remote proxy machine, and the local government will only see an encrypted connection on port 22, nothing more

lemme know if you need any further clarification, cause i might have started rambling
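
The tunnel described in the post above only keeps browsing private if squid accepts requests from the tunnel and nowhere else, and if it does not add the requester's address to outgoing requests. The script below is an added example, not part of the thread: `audit_squid_conf` is a hypothetical helper, and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a squid.conf for tunnel-only use.
# Prints one line per finding; the return status is the number of findings.
audit_squid_conf() {
    findings=0
    # Drop comments and blank lines before matching directives.
    rules=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1")

    # 1. Squid must listen on loopback only, so the SSH tunnel is the only way in.
    ports=$(printf '%s\n' "$rules" | awk '$1 == "http_port" { print $2 }')
    [ -n "$ports" ] || { echo "no http_port line: listening address not pinned"; findings=$((findings + 1)); }
    for p in $ports; do
        case $p in
            127.0.0.1:*|localhost:*) ;;
            *) echo "http_port $p is reachable without the tunnel"; findings=$((findings + 1)) ;;
        esac
    done

    # 2. X-Forwarded-For must not carry the address squid received the request from.
    printf '%s\n' "$rules" | grep -Eq '^[[:space:]]*forwarded_for[[:space:]]+off([[:space:]]|$)' ||
        { echo "forwarded_for is not off"; findings=$((findings + 1)); }

    # 3. The last http_access rule must deny everything not allowed above it.
    last=$(printf '%s\n' "$rules" | awk '$1 == "http_access" { r = $2 " " $3 } END { print r }')
    [ "$last" = "deny all" ] || { echo "last http_access rule is '$last', not 'deny all'"; findings=$((findings + 1)); }

    return "$findings"
}

# Constructed sample configs (hypothetical, written to a temp directory).
samples=$(mktemp -d)
cat > "$samples/weak.conf" <<'EOF'
http_port 3128
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
cat > "$samples/tunnel_only.conf" <<'EOF'
# listen on loopback; clients arrive via: ssh -L 3128:localhost:3128 ...
http_port 127.0.0.1:3128
forwarded_for off
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access deny all
EOF

for f in weak tunnel_only; do
    audit_squid_conf "$samples/$f.conf" && echo "$f.conf: ok" || echo "$f.conf: $? finding(s)"
done
```

The ACL lines use the older netmask syntax; adjust them to whatever the installed squid version expects before auditing a real config.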

psydoc 01-13-2005 10:46 PM

Hi adam,

Don't worry about rambling. I've posted a few dissertations in my life, too!

I think I see how your suggestion would work, but can't their local ISP (usually their not so friendly or free government) intercept the pages that are served through to their computer?

I have a linux server in Panama, a couple in St. Vincent and several in the US. All are running redhat 7.3.

Couldn't nice person from not free machine use an encrypted connection to one in, say Panama; be relayed to another, and then to another that contains a remote browser? The last machine IP would be what is served to the server from which they request information, so there is no location of not free machine. The original https connection would serve pages to not free machine, and ISP would not be able to understand the information.

As I said in my original post, I'm a newbie. I can handle writing simple PHP and PERL scripts, but when we get to command line, I'm a little thick.

I really appreciate your taking so much of your time to answer my questions.

Problem is, I am a business man, not a qualified IT guy.


adamwenner 01-13-2005 10:55 PM

well, with this SSH tunneling, the local government won't see anything except an SSH session, they won't see webpages being served through the SSH tunnel


psydoc 01-14-2005 11:15 AM

Hi adam,

Thanks, as I said, I'm a newbie to linux; however, I didn't make the connection in my little brain about the SSH connection.

I have printed your suggestions, and will be away for a while, trying to implement everything.

I'll let you know how I make out.

Thanks again, for everything.


adamwenner 01-14-2005 11:40 AM

no problem

let me know if you have any problems, I'll be happy to help, just fire me off an email, my address is in my LQ profile

