Re: Squid with socks

From: Marlon Borba <marlon@dont-contact.us>
Date: Thu, 19 Nov 1998 20:26:43 -0200

At 15:37 17/11/98 -0800, you wrote:
>I would like more info.. the district has a socks firewall and an http
>proxy but the proxy doesn't seem to always work.. so I'll like to try to
>socks squid.. what would i need to do to the squid.conf and any other
>goodies would be helpful..

Well, let's go. First of all investigate if your firewall uses Socks4 or
Socks5. There are significant differences between both, especially Socks5's
support for UDP, which is the basis for ICP (I presume.. ;)). If your
firewall supports only Socks4, you can't relay UDP traffic with Socks4, so
the only use of Squid is as a standalone cache, or talking with external
caches in a non-ICP mode (or, worse, you could open your firewall to ICP
requests, thus opening a port for external would-be intruders). If the
implementation is Socks5-compatible, you could add a rule to permit inbound
and outbound ICP traffic over Socks5 (internal port >1024 --> external port
3128, or whatever your ISP's cache uses).

Either way, Squid MUST run socksified. So get a copy of NEC's Socks5
implementation (available at www.socks.nec.com), install and compile it.
You will use ONLY the client (the package contains client & server).
Configure the /etc/libsocks.conf file in your machine so it knows where
your Socks5 firewall is:

socks4 - - - - arjuna.trf3.gov.br:1080

Note the socks4 word in the beginning of the file (substitute for socks5,
if needed) and the hostname and port of your firewall (the documentation
explains it in detail). That done, create and edit a 'wrapper script' which
calls Squid with runsocks. My script is called 'ssquid' and contains:

#! /bin/bash
# Run Squid through the SOCKS client wrapper, passing all arguments unchanged
/usr/local/bin/runsocks /usr/local/squid/bin/squid "$@"

Configure your squid.conf as usual, since your Squid will think that it is
in a 'direct' Internet connection. Start it in your /etc/rc.local (or the
adequate file for your Unix):

echo "Starting (socksified) Squid..."
rm -rf /usr/local/squid/squid.out
/usr/local/squid/bin/ssquid -sY >> /usr/local/squid/ssquid.out 2>&1 &

Happy surfing. ;)

Hope this helps,

*--------------------------------------------------------------------------*
| Marlon Borba - Suporte Tecnico - Tribunal Regional Federal da 3a. Regiao |
| Celular: (011) 9945-2841 Trabalho: (011) 230-4683 e 230-4684 |
| marlon@sti.com.br * marlon.borba@rocketmail.com * marlon.borba@usa.net |
*--------------------------------------------------------------------------*
| Ajude a construir uma Internet livre, aberta e baseada em padroes |
| Associe-se 'a Internet Society |
| For a free, open, standards-based Internet, join Internet Society |
| Informacoes/Information: http://www.isoc.org |
*--------------------------------------------------------------------------*
Received on Thu Nov 19 1998 - 15:18:55 MST
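
Added example, not part of the original message: the first step above is to find out whether the firewall speaks Socks4 or Socks5, and the Python sketch below builds the opening messages of both protocols and classifies the reply, including the Socks5 UDP ASSOCIATE request that Socks4 has no equivalent for. All function names are hypothetical, and 192.0.2.1 is a documentation-only address used as a constructed destination.

```python
import socket
import struct
import sys

def socks5_greeting(methods=(0x00,)):
    """RFC 1928 greeting: VER=5, NMETHODS, METHODS (0x00 = no authentication)."""
    return bytes([0x05, len(methods), *methods])

def socks5_udp_associate(client_ip="0.0.0.0", client_port=0):
    """RFC 1928 request with CMD=3 (UDP ASSOCIATE) and ATYP=1 (IPv4)."""
    return struct.pack("!BBBB4sH", 0x05, 0x03, 0x00, 0x01,
                       socket.inet_aton(client_ip), client_port)

def socks4_connect(dst_ip, dst_port, userid=b""):
    """SOCKS4 request: VN=4, CD=1 (CONNECT). CD is only CONNECT or BIND, no UDP."""
    return struct.pack("!BBH4s", 0x04, 0x01, dst_port,
                       socket.inet_aton(dst_ip)) + userid + b"\x00"

def classify_reply(reply):
    """Identify the protocol from the first two bytes of the server's reply."""
    if len(reply) < 2:
        return "no SOCKS reply"
    ver, code = reply[0], reply[1]
    if ver == 0x05:  # method-selection reply; 0xFF = no acceptable method
        return "socks5 (no acceptable auth method)" if code == 0xFF else "socks5"
    if ver == 0x00 and 0x5A <= code <= 0x5D:  # SOCKS4 replies use VN=0, CD=90..93
        return "socks4"
    return "unknown"

def probe(host, port=1080, timeout=5.0):
    """Try a SOCKS5 greeting first, then a SOCKS4 CONNECT, on fresh connections."""
    for payload in (socks5_greeting(), socks4_connect("192.0.2.1", 80)):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(payload)
                kind = classify_reply(s.recv(8))
        except OSError:  # refused, reset or timed out
            kind = "no SOCKS reply"
        if kind.startswith("socks"):
            return kind
    return "unknown"

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))  # usage: script.py <your-firewall-host>
```

A "socks4" result means the first word of the /etc/libsocks.conf line stays socks4 and ICP over the firewall is not available.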