Re: [SQU] Tunneling proxy?

From: Henrik Nordstrom <>
Date: Fri, 19 Jan 2001 09:36:16 +0100

Erhm.. there are many ways to tunnel traffic thru a firewall if you have
access to both sides, but are you allowed to do this?

My recommendation is to use SSH port forwarding if anything. But FIRST
ask the client if this is OK, as it might expose their systems.

I do not recommend to install proxy at the client. Instead set up a SSH
port forward per server you need access to.

You can use a Squid with a redirector (and redirec_rewrits_host_header
off) or another proxy with URL rewriting capabilities locally to forward
the requests to the correct forwarded port.

Henrik Nordstrom
Squid hacker
Gary E Bickford wrote:
> Folks,
> I've looked at the howto's and some other things.  I seem to have missed
> any link to the mail list archive - can someone send that to me or post it?
> My particular problem is somewhat complicated.  I don't know enough
> about Squid to know if this is a hard thing or a soft thing :O)  Please
> excuse me if this question is handled in the howto somewhere, perhaps I
> misunderstood what I'm doing and didn't see the solution in front of me.
> I am working on several web servers that live behind a firewall at a
> client company.  I normally get to the machines via SSH on any of a
> number of specially assigned set of ports for this purpose.  Some of
> these sites are composites of my work and other machines that I don't
> have access to, and vary.  I can't see these other sites directly. I
> guess we could say I'm on the 'wrong side' of the firewall.
> I need to set up a proxy server on one of my client machines inside the
> firewall, that my local Squid can get to either on a high port or via an
> SSH tunnel, that would allow me to get to these machines with their real
> domain names - a transparent proxy going the wrong way?  I'm running
> Squid on my local machine already.  Can I set up a parent proxy on a
> high port such that my local Squid will know to send requests through
> this other proxy for all machines in, e.g., '' but will not
> send them through the other machine for all other domains/address blocks?
> Do I need to use SSH?  I generally don't have a need to use encryption,
> but compression is nice.  Although I could use SSL occasionally it's not
> essential.
> The client company has several different address blocks.
> --
> Diplomacy is the art of saying "nice doggy" until you can find a rock.
> ---
> Gary E Bickford,,, tel 541-383-2749
> FXT Corporate Websystems, content & asset management, extranet applications:
> PHP, XML, Apache, Tomcat, SQL, JSP
> --
> To unsubscribe, see
To unsubscribe, see
Received on Fri Jan 19 2001 - 03:59:59 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:30 MST