RE: [squid-users] SQUID behind SOCKS5

From: Chad Z. Hower aka Kudzu <chad-jm_at_hower.org>
Date: Sun, 22 Jun 2008 08:43:23 +0800

> Then do Squid -> SSH -> Squid.

I can't really put SQUID up after SSH there either.

> How do you connect to the Internet over SSH? There must be something I
> miss here...

The server has access to the internet to do SSH. But the server has a firewall on it that disallows any access from it to anything but the SSH (and SOCKS which actually runs over the SSH).

The basic idea is this - everything from the location MUST go out over the SSH/SOCKS connection. Nothing else is permitted, so the only traffic that goes on its normal internet connection is the SSH tunnel.

All clients on the LAN then use proxies made available by the server which right now are tunneled ports and a SOCKS5 connection. Actually there is also an HTTP proxy on the other side of the SSH which we open a tunnel to as well, but it's not configured well and interferes with web services etc.

We cannot change/alter/install things on the SSH server side.

The SOCKS and SSH work really well, but we just need to make a local HTTP proxy which can take local requests from the LAN but makes its requests over the SOCKS. This will bridge the gap between the apps which don’t support SOCKS directly but do support an HTTP proxy.

Privoxy can actually do this but it doesn’t support PUT and some other advanced HTTP commands so it also fails with many of the web clients.

> And in Squid it's pretty much isolated to what happens around the
> commConnectStart() call.
>
> To get it to use SOCKS5 for DNS lookups as well is perhaps a little
> trickier however.. but only needed if you really need DNS resolving for
> acl checks etc..

We have a local DNS server which chains to another upline one on the SSH server side, so if we can just get the HTTP requests over SOCKS, SQUID can use our local DNS and it will take care of the rest.

So if nothing else appears... maybe I'll have to go digging...

How hard is it to get SQUID to build on Windows?

--
Chad Z. Hower aka Kudzu
"Programming is an art form that fights back"
http://www.KudzuWorld.com/
Using Paypal? 
Paypal US is not regulated as a bank - they can do anything
they want including seize your money without reason
and have done so to hundreds of thousands of users.
Don't believe me? Read this: <http://tinyurl.com/2htk2p>
Received on Sun Jun 22 2008 - 00:48:01 MDT
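
The HTTP-proxy-to-SOCKS5 bridge discussed in this message, as an added example that is not part of the original post and is not Squid code: it takes the request line a LAN client sends to an HTTP proxy and builds the SOCKS5 CONNECT bytes (RFC 1928) for the same destination. The host names are constructed placeholders; a host name is sent as ATYP 0x03 so the SOCKS server resolves it, while an IP literal (for example one returned by a local DNS server) is sent as ATYP 0x01 or 0x04.

```python
import ipaddress
import struct
from urllib.parse import urlsplit

GREETING = b"\x05\x01\x00"  # VER=5, one method offered, 0x00 = no authentication

def proxy_target(request_line):
    """Return (host, port) named by an HTTP proxy request line."""
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":            # CONNECT host:port HTTP/1.1
        host, _, port = target.rpartition(":")
        return host.strip("[]"), int(port)
    url = urlsplit(target)                     # PUT http://host[:port]/path HTTP/1.1
    if url.scheme != "http" or not url.hostname:
        raise ValueError("proxy request needs an absolute http:// URI")
    return url.hostname, url.port or 80

def socks5_connect(host, port):
    """Build a SOCKS5 CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:                         # not an IP literal: send the name itself
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("host name must be 1..255 bytes")
        atyp, addr = 3, bytes([len(name)]) + name
    return b"\x05\x01\x00" + bytes([atyp]) + addr + struct.pack("!H", port)

def parse_socks5_reply(data):
    """Check the server's reply and return its (bound_host, bound_port)."""
    if len(data) < 5 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if rep != 0:                               # e.g. 2 = not allowed by ruleset
        raise ConnectionError(f"SOCKS5 request refused, REP={rep}")
    if atyp == 3:
        start, size = 5, data[4]
    elif atyp in (1, 4):
        start, size = 4, (4 if atyp == 1 else 16)
    else:
        raise ValueError(f"unknown ATYP {atyp}")
    end = start + size
    if len(data) < end + 2:
        raise ValueError("truncated SOCKS5 reply")
    raw = data[start:end]
    host = raw.decode("ascii") if atyp == 3 else str(ipaddress.ip_address(raw))
    return host, struct.unpack("!H", data[end:end + 2])[0]
```

After a successful reply the proxy relays the client's HTTP request (PUT included) unchanged over the same socket.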
