03-28-2006, 08:14 AM
|
#1
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Rep:
|
squid
I have squid set up on my home slackware box and it is working fine from work. What is strange is that I'm still getting blocked by a local proxy server running websense. I don't quite understand how this could be if my browser settings are using my home proxy. Any ideas?
|
|
|
03-28-2006, 07:28 PM
|
#2
|
Member
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
Rep:
|
What you should do to get around that websense stuff is this:
1. set up the ssh server to listen on say port 443 ( a standard web port )
2. Connect to the ssh server and create a tunnel for squid on 3128.
3. Point your browser proxy to localhost:3128. This way it will work and be encrypted so websense can't see it.
G'luck
|
|
|
03-28-2006, 09:07 PM
|
#3
|
Member
Registered: Dec 2005
Distribution: CentOS 5 - Debian 5
Posts: 112
Rep:
|
How do you prevent others from using your proxy??? Authentication??? If so, how??!!
thnx
|
|
|
03-29-2006, 06:58 AM
|
#4
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Original Poster
Rep:
|
Quote:
Originally Posted by lucktsm
What you should do to get around that websense stuff is this:
1. set up the ssh server to listen on say port 443 ( a standard web port )
2. Connect to the ssh server and create a tunnel for squid on 3128.
3. Point your browser proxy to localhost:3128. This way it will work and be encrypted so websense can't see it.
G'luck
|
that sounds good, I actually have ssh listening on 23 right now because they have 22 blocked. The part I don't know is how to set up the tunnel for squid. Is that just a setting in the squid.conf file?
|
|
|
03-29-2006, 09:45 AM
|
#5
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Original Poster
Rep:
|
Ok, I partially figured it out. I set up a tunnel through putty after researching a little. I can establish an ssh connection with putty, and then I opened another session with putty through localhost:port# and was able to connect that way. But when I try to do the settings with the browser I am getting:
Code:
SSH-1.99-OpenSSH_4.2
that is all that shows in my browser
could this be because I have ssh listening on port 23? Does it need to listen on 80 or 443 to work?
Last edited by jcombs_31; 03-29-2006 at 11:15 AM.
|
|
|
03-29-2006, 11:55 AM
|
#6
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Original Poster
Rep:
|
ok, so I'm stuck. Squid is listening on port 8888, ssh is listening on port 23. I have putty set up to connect to my ssh server on port 23, with tunneling set up with source port 8888, and destination (myserver:23).
So I think I'm getting the protocol mismatch because the browser should be getting http instead of ssh. So, I tried setting up putty with the tunnel going to port 8888 on the remote server, and it won't connect. What am I missing here?
|
|
|
03-29-2006, 09:50 PM
|
#7
|
Member
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
Rep:
|
Here's what I do: I tunnel into my server using putty or winssh for me.
Then I tunnel to 3128 to localhost. On my server only my ssh port is open. Once this is established my browser points to localhost:3128 for the proxy and the ssh is the only connection to the server. You follow?
|
|
|
03-30-2006, 04:08 AM
|
#8
|
Member
Registered: Dec 2005
Distribution: CentOS 5 - Debian 5
Posts: 112
Rep:
|
make sure that squid accepts connections from localhost only...or the FW refuses any connections to squid's port. this is what i've been doing in my case to prevent external use of my proxy. in my case it is delegate not squid. What I do is similar to lucktsm.
|
|
|
03-30-2006, 06:45 AM
|
#9
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Original Poster
Rep:
|
the tunnel should be to the port squid is listening on, not your ssh port correct? That is what I'm doing, I ssh to my box with the tunnel to destination port 8888 ( I'm using that instead of 3128 ). I set my browser to localhost:8888 but it doesn't connect. I can put xx.xx.xx.xx:8888 ( x being my server ) and squid works fine. There is something with the tunnel not working correctly.
Now if I set my tunnel to the ssh port instead, it connects but with a protocol mismatch.
|
|
|
03-31-2006, 05:20 AM
|
#10
|
Member
Registered: Dec 2005
Distribution: CentOS 5 - Debian 5
Posts: 112
Rep:
|
This is what I do….
On my home PC I have a proxy running that accepts connections on port 21000. I also have SSH running, accepting connections on port 22.
On my work PC I do this:
I use putty to connect to my home PC using SSH. In the tunnel options in Putty I use "22222" for the source port and the destination should be like this "localhost:21000". Then I configure my browser on my work PC to use those settings "Proxy: 127.0.0.1
Port: 22222"
Now I can browse securely.
What I made is that I used putty to encrypt and transfer all my activities to my SSH server in my home PC and the SSH server will then send the data to the proxy port 22222 and then I will get the response using the same encrypted path.
So basically you do this:
Code:
HOME PC
IP:xx.xx.xx.xx
Proxy port:AAAA
SSH server port: CCCC
WORK PC
Putty settings:
Connect to xx.xx.xx.xx on SSH port CCCC
Tunnel settings:
Source port: BBBB
Destination: localhost:AAAA
Work browser settings:
Proxy: 127.0.0.1
Port: BBBB
In my case I use delegate as a proxy. And I configured it to accept only local connections, since the SSH server is running on the same machine so I can use the proxy. I also have iptables running and not accepting incoming external connections on the proxy port to prevent others from using my proxy, which is another way to protect your proxy.
This worked for me and I hope it works for you. If someone has a better way please feel free to correct me.
Last edited by piforever; 03-31-2006 at 05:29 AM.
|
|
|
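The lockdown that posts #8 and #10 describe (proxy reachable from localhost only), as an added example that is not part of any post in this thread: it scans `ss -ltn` output for a proxy port that is listening beyond loopback. The sample output is constructed; ports 21000 and 8888 are the ones mentioned in the posts above, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -ltn` output for a home box (not taken from the thread):
# sshd on all interfaces, one proxy bound to loopback, one bound to every interface.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128        127.0.0.1:21000     0.0.0.0:*
LISTEN 0      128                *:8888            *:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      128            [::1]:21000        [::]:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), port

def is_loopback(host):
    """True only for addresses reachable from this machine alone."""
    host = host.split("%", 1)[0]      # drop an interface scope such as %lo
    if host in ("*", ""):             # ss prints * for a wildcard bind
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                  # unparseable: treat as exposed

def exposed_listeners(ss_output, proxy_port):
    """Return the local addresses where proxy_port listens beyond loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                  # skip the header and non-listening rows
        host, port = split_local(cols[3])
        if port == str(proxy_port) and not is_loopback(host):
            exposed.append(cols[3])
    return exposed

if __name__ == "__main__":
    for port in (21000, 8888):
        bad = exposed_listeners(SAMPLE_SS, port)
        print(port, "loopback only" if not bad else f"exposed on {bad}")
```

An empty result for the proxy port means only the SSH tunnel can reach it; a wildcard entry means the proxy is usable by anyone who can reach the host unless a firewall rule blocks that port.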
03-31-2006, 11:38 AM
|
#11
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Original Poster
Rep:
|
I looked through the logs and saw an error with a missing cache dir, I created the directory and it works now. Now I just have to play with the ACL.
|
|
|
04-03-2006, 09:56 AM
|
#12
|
Member
Registered: Dec 2004
Distribution: Slackware
Posts: 104
Original Poster
Rep:
|
sorry, disregard.
Last edited by jcombs_31; 04-03-2006 at 11:42 AM.
|
|
|