RE: [squid-users] SQUID behind SOCKS5

From: Chad Z. Hower aka Kudzu <chad-jm_at_hower.org>
Date: Sun, 22 Jun 2008 06:25:40 +0800

> For SSH you need a server on the outside where you can SSH to. If you
> have that then the easiest is to run Squid on that server, and use SSH
> to set up a port forwarding from the LAN to that server.

I know how to do that, but I need the reverse. Not SSH to SQUID, but SQUID to SSH or SOCKS5.

The server here on the LAN has to connect to the internet only over SSH or SOCKS5 for all user sessions. The problem is that a lot of clients don’t have SOCKS5 support, or in many cases it doesn’t work right. So I want to set up a local (on our local server here on our LAN) SQUID or other HTTP proxy since all the apps support that, and then have it go out over SOCKS5 or SSH.

> Drawback is that it's only as reliable as your SSH session, and also
> probably not the most efficient solution as all traffic gets encrypted
> and tunneled out to the SSH server..

Our SSH is quite reliable and we have about 2 dozen failovers. So it's not an issue. We have to run over this and we don’t have a choice - but I need a way to provide a local HTTP proxy that all the client programs can use. I'd also like to do URL logging, which an HTTP proxy would also let me do.

> Squid currently does not support SOCKS5. Adding support for SOCKS5 is a
> good project for anyone interested.

I'm not super fond of C/C++ so I'm not a good candidate. Actually I could make the changes if I didn’t kill myself trying to get it to build first. SOCKS5 support is really really easy. I've built it into other apps in other languages. All that needs to be done is for each outbound socket to create a small struct, and instead of opening the TCP connection to the real destination, open it to the SOCKS server and write the structure after connection. The struct contains the real destination info. It really is a few lines of code.

> TCP SOCKS5 is not a very complex protocol to implement, in fact a very
> simple protocol. For details see RFC1928 and RFC1929. The big question
> is why no one has done this for Squid..

Exactly.... :)

--
Chad Z. Hower aka Kudzu
"Programming is an art form that fights back"
http://www.KudzuWorld.com/
Received on Sat Jun 21 2008 - 22:30:19 MDT
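
The SOCKS5 client side discussed in this message, written out per RFC 1928 as an added example (not part of the original post and not Squid code). It assumes a SOCKS server that accepts the no-authentication method; all function names are hypothetical, and it goes slightly beyond the message by including the method negotiation and reply parsing that RFC 1928 places around the destination request.

```python
import ipaddress
import struct

VER, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_greeting(methods=(NO_AUTH,)):
    """VER, NMETHODS, METHODS (RFC 1928 section 3)."""
    return bytes([VER, len(methods), *methods])

def build_connect_request(host, port):
    """VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT (RFC 1928 section 4)."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        # Not an IP literal: send the name so the SOCKS server resolves it,
        # which keeps DNS lookups off the local network.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a reply in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("SOCKS server closed the connection")
        buf += chunk
    return buf

def socks5_connect(sock, host, port):
    """Run the handshake on a socket already connected to the SOCKS server."""
    sock.sendall(build_greeting())
    ver, method = recv_exact(sock, 2)
    if ver != VER or method != NO_AUTH:
        raise ConnectionError(f"no acceptable auth method (got {method:#04x})")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != VER or rep != 0x00:
        raise ConnectionError(f"CONNECT refused by SOCKS server, REP={rep:#04x}")
    # Consume BND.ADDR and BND.PORT so the stream starts at application data.
    if atyp == ATYP_DOMAIN:
        alen = recv_exact(sock, 1)[0]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ConnectionError(f"unknown ATYP in reply: {atyp:#04x}")
    recv_exact(sock, alen + 2)
    return sock
```

After `socks5_connect` returns, the same socket carries the application protocol to the real destination, so an HTTP proxy in front of it can still log each requested URL before forwarding.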
