Quote:
Originally Posted by Firerat
wait, I think something may have clicked
you want squid to be available via the public IP using its 3G connection as the connection to clearnet
This will be due to the ACL setup on squid
You will have to configure it to allow users outside your lan.
|
Hi Firefat, thanks for your answer. You're right, that's the idea, squid to be available via the public IP that my residential provider gives me but using 3G connection as proxy gateway.
The router config is ok as I forwarded the port 3128 to the private IP address of the Raspberry (I tried "tnc public_ip -port 3128" from Windows powershell and it shows the port is open so that's fine).
From the proxy side, I've set a temporary "http_access allow all" and I do see connections in access.log file with source IP address 192.168.1.1 (that's ok as the router is the one that sends the packets coming from Internet) but it does not work.
I have some logs from access.log file while trying to open google.com from a laptop connected to the proxy over Internet:
1571517517.340 10347 192.168.1.1 TCP_TUNNEL/200 39 CONNECT clients4.google.com:443 - HIER_DIRECT/172.217.16.238 -
1571517518.630 10658 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517518.670 10680 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517518.801 10505 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517518.810 10364 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517518.962 0 192.168.1.1 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -
1571517518.962 0 192.168.1.1 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -
1571517519.160 10926 192.168.1.1 TCP_TUNNEL/200 39 CONNECT s2.googleusercontent.com:443 - HIER_DIRECT/172.217.16.225 -
1571517519.540 10380 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517519.610 10802 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.gstatic.com:443 - HIER_DIRECT/216.58.211.35 -
1571517522.250 10380 192.168.1.1 TCP_TUNNEL/200 39 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/172.217.168.163 -
1571517523.300 10158 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517529.230 10257 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517534.970 10350 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
1571517534.980 10372 192.168.1.1 TCP_TUNNEL/200 39 CONNECT
www.gstatic.com:443 - HIER_DIRECT/216.58.211.35 -
1571517539.220 10401 192.168.1.1 TCP_TUNNEL/200 39 CONNECT mail.google.com:443 - HIER_DIRECT/172.217.168.165 -
1571517543.010 10244 192.168.1.1 TCP_TUNNEL/200 39 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/172.217.168.163 -
1571517549.600 10246 192.168.1.1 TCP_TUNNEL/200 2665 CONNECT
www.google.com:443 - HIER_DIRECT/172.217.17.4 -
Given that, I assume the traffic is reaching the Raspberry and it tries to act as a proxy, but I have no clue why it's not working